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Description 

The present invention relates to a communication 
apparatus that is employed for a multi-media network, 
etc., and in particular to a communication apparatus 
etc. , and in particular to a communication apparatus and 
method service for encrypted secret information: and to 
a communication system and method that employs such 
a communication apparatus and method. 

Recently, in consonance with the preparation of op- 
tical fiber networks lor trunk communication networks, 
the spread of cable television systems, the practical use 
of satellite communications, and the spread of local area 
networks, there has been an expansion of the so-called 
information service industry that provides various infor- 
mation, across a communication network, such as im- 
ages, sounds, and computer data, and charges service 
fees in consonance with the contents and the amount 
of the information that is provided. It is important that 
such services have means to properly account for pro- 
vided information. 

However, in many cases conventional accounting 
systems are monthly systems, such as those for cable 
television systems or broadcast satellite systems, that 
are not concerned with the frequency of service, or ac- 
counting systems, such as for computer services, that 
count only the service frequency (or service time) and 
that are not concerned with the types or quality of pro- 
vided information. 

It is vitally important that information transmission 
across a communication network be secure, and vari- 
ous systems for enciphering information and transmit- 
ting the enciphered information have been proposed as 
secure transmission means. 

When an information service uses a conventional 
enciphering system to keep information secret, howev- 
er, the conventional enciphering system will not be able 
to cope with the various types of information and serv- 
ices as they continue to expand in the future. 

It is assumed that generally an information provid- 
ing center can provide not only one type of information, 
but that it can provide an assortment of different types 
of information. The various types of information differ in 
their worth, however and accordingly, conditions 
wherein the information providing center calculates a 
charge should be different. From the view of the amount 
of information that is to be provided, since the quantity 
of data that is required for an animated image is consid- 
erably greater than the data that is required for text in- 
formation, with an accounting system according to 
which charges are based on the quantity of information 
dispensed, a user that received animated image infor- 
mation would have to pay a fee that was a multiple times 
of the service fee charged for text information. Such an 
accounting system would be unrealistic. 

The conventional accounting system for an infor- 
mation service has the above described problems. 

It is an aim of one aspect of the present invention 



to provide an accounting system and method that can 
calculate a charge while taking into consideration the 
types and quality of information and service. 

According to one embodiment of the present inven- 
5 tion, provided are encipher transmission means for en- 
ciphering data and transmitting enciphered data; count- 
ing means for obtaining a count of quantity of data to be 
enciphered; and accounting means for charging a user 
for the enciphered data in consonance with a count val- 
10 ue held by the counting means. 

According to another embodiment, provided are en- 
cipher transmission means for enciphering data as units 
of a block each and for transmitting the enciphered data; 
counting means for obtaining a count of the blocks to be 
is enciphered; and accounting means for charging a user 
for the enciphered data in consonance with a count val- 
ue held by the counting means. 

According to an additional embodiment, provided 
are encipher transmission means for enciphering data 
20 and transmitting enciphered data; counting means for 
obtaining a count of cryptographic keys that are em- 
ployed for enciphering; and accounting means for 
charging a user of the enciphered data in consonance 
with a count value held by the counting means. 
25 According to a further embodiment, provided are 
encipher transmission means for enciphering data and 
transmitting enciphered data while updating a crypto- 
graphic key; counting means for obtaining a count of 
feedback calculations that are performed for updating 
30 the cryptographic key; and accounting means for charg- 
ing a user of the enciphered data in consonance with a 
count value held by the counting means. 

According to still another embodiment, provided is 
a communication system comprising: a transmission 
35 terminal, including encipher transmission means for en- 
ciphering data and transmitting enciphered data; and a 
reception terminal, including encipher reception means 
for receiving and deciphering enciphered data, the 
transmission terminal charging the reception terminal a 
40 fee that corresponds to an operation of the encipher 
transmission means. 

According to the above described embodiments, 
the number of calculations that are performed lor enci- 
phering, i.e., information, such as the quantity of data, 
45 the number of cryptographic keys and the number of 
feedback calculations, is employed to acquire account- 
ing information, so that the information providing center 
can determine in advance a unit fee in consonance with 
information type and quality. Therefore, a user can be 
50 charged a fair information service fee by the information 
providing center in consonance with the type : quality 
and quantity of the provided information. 

Further, an information provider can determine a 
charge for information service in consonance with the 
55 quality of information that is provided. Also, since the 
accounting is performed by the unit, when the provided 
information differs from the desired information, a user 
can cancel the request for that information so as to min- 
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imize any loss that may be incurred. 

A conventional system is not designed to provide a 
variable enciphering rate for a block signal. As for data 
in a large quantity, such as image data, for which high 
speed real-time is required, the conventional system 
can not provide high-speed cryptographic communica- 
tion by increasing the enciphering rate for block cryp- 
tography even though the security for enciphering is re- 
duced. As for non-real time data in a small quantity, such 
as text data, the conventional system can not provide 
secure cryptographic communication by reducing an 
enciphering rate for block cryptography to increase se- 
curity. 

In addition, a conventional system is not designed 
to provide a variable key generation rate. Therefore, as 
tor data of high secret for example, the conventional sys- 
tem can not provide high-security cryptographic com- 
munication by increasing the key generation rate. 

The conventional encipher communication means 
has the above described problems. 

To resolve these problems, it is another object of 
the present invention to provide an encipher communi- 
cation apparatus that can vary an enciphering rate, and 
to provide an enciphering device. 

To achieve the above object, according to one em- 
bodiment, provided are cryptographic communication 
means for enciphering transmission data and decipher- 
ing received enciphered data and for performing com- 
munication; and changing means for changing a rate 
that is applied for enciphering/deciphering data. 

According to another embodiment, provided are en- 
ciphering means for enciphering and deciphering a pre- 
determined algorithm; and changing means for chang- 
ing a rate for the encipher means without changing the 
predetermined algorithm. 

According to an additional embodiment, provided 
are enciphering means capable of changing an encipher 
power relative to transmission data; and changing 
means for changing the encipher power of the encipher- 
ing means in consonance with a deciphering capability 
of a transmission destination. 

According to a further embodiment, provided are 
enciphering means capable of changing an encipher 
power relative to transmission data; and changing 
means for changing the encipher power of the encipher- 
ing means by negotiation with a transmission destina- 
tion. 

According to the above embodiments, the encipher- 
ing rate and the encipher power can be changed, and 
the changed enciphering rate or the encipher power that 
is changed is used in common by a transmitter and a 
receiver prior to the transmission of an enciphered text. 
As a result, the selection of the enciphering rate, which 
conventionally is not taken into account, is possible, and 
cryptographic communication having a high degree of 
freedom can be provided. 

Further, the enciphering rate for an encipherer and/ 
or the pseudo-random number generation rate are 



changed, and the changed enciphering rate and pseu- 
do-random number generation rale of the encipherer 
are employed in common by a transmitter and a receiver 
prior to the transmission of an enciphered text. As a re- 

5 suit, the selection of a trade-off between the security of 
the enciphering and the processing speed is possible, 
and cryptographic communication having a high degree 
of freedom can be provided. 

Therefore, even when the processing capability of 

io an encipherer and pseudo-random number generation 
rates differ from a transmitter and a receiver, crypto- 
graphic communication is possible. 

It is an aim of another aspect of the present inven- 
tion to provide a service charge system that is conso- 
ls nant with a transfer speed and the security provided for 
enciphered information. 

According to one embodiment, provided are enci- 
pher transmission means for enciphering data and 
transmitting enciphered data; selection means for se- 

20 lecting an enciphering rate for the encipher transmission 
means; and accounting means for charging a fee in con- 
sonance with the enciphering rate that is selected by the 
selection means. 

According to another embodiment, provided is a 

25 cryptographic communication system, which performs 
communication of enciphered data across a network 
and varies an encipher power, wherein a data transmis- 
sion side charges a data reception side a fee in conso- 
nance with the encipher power. 

30 According to the above embodiments, cryptograph- 
ic communication having a high degree of freedom can 
be provided by selecting an enciphering rate using the 
selection means. 

Further, an information providing service can be 

55 achieved that has a service charge system, which is 
consonant with encipher power for selected enciphering 
rates, transfer speeds and security. 

Not taken into consideration for conventional cryp- 
tographic communication are such adjustments, be- 

40 tween an information providing center and a user, as 
which enciphering system should be employed for pro- 
viding information, or which mode, or which system for 
what kind of countermeasure is performed for decipher- 
ing, should be employed for cryptographic communica- 

45 tion. Particularly not taken into consideration is that an 
encipher power should be adjusted in consonance with 
the types of information that are to be exchanged. It is 
impossible, for example, for data such as image data 
that are required for a large amount and for high-speed 

50 real time, information is provided by an enciphering sys- 
tem at a high processing speed, and for data such as 
text data that are a small amount at non-real time but 
are very secret, information is provided by an encipher- 
ing syr-tem that places a large load on an encipherer but 

55 keeps high security. 

It is, therefore, difficult to provide a charge system 
for an information providing service that is consonance 
with the transfer speed for information providing and the 
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security that is required for communication. 

To resolve this problem, it is an aim of a further as- 
pect of the present invention to provide a service charge 
system that corresponds to a transfer speed and the se- 
curity for providing enciphered information. 

According to one embodiment, provided are enci- 
pher transmission means for enciphering data by using 
a plurality of enciphering systems and for transmitting 
enciphered data; selection means for selecting one en- 
ciphering system from among the plurality of the enci- 
phering systems; and accounting means for charging a 
fee in consonance with the enciphering system that is 
selected by the selection means. 

According to another embodiment, provided is a 
cryptographic communication system, which enciphers 
data across a network and selects an enciphering sys- 
tem, wherein a data transmission side charges a data 
reception side in consonance with the enciphered sys- 
tem that is selected. 

According to the above embodiments, cryptograph- 
ic communication having a high degree of freedom can 
be provided by selecting an enciphering system. As a 
result, an information providing service can be achieved 
having a service charge system that is consonant with 
encipher power, transfer speed and security of a select- 
ed enciphering system. . 

It is an aim of a still further aspect of the present 
invention to provide a cryptographic communication ap- 
paratus cryptographic communication system that em- 
ploys such an apparatus, and an encipherer. 

According to one embodiment, provided are a plu- 
rality of communication means for enciphering transmis- 
sion data and deciphering received enciphered data, 
and for performing communication with each other; and 
selection means, provided in each of the plurality of 
communication means, for selecting one of a plurality of 
enciphering systems. 

According to another embodiment, provided are en- 
ciphering means for selectively employing a plurality of 
enciphering systems to encipher information; and mode 
selection means for selecting an operational mode, the 
enciphering means selecting one of the plurality of en- 
ciphering systems in accordance with the operational 
mode that is selected. 

According to an additional embodiment provided 
are enciphering means for selectively employing a plu- 
rality of enciphering systems to encipher information; 
and designation means for designating a security rank, 
the enciphering means selecting one of the plurality of 
enciphering systems in accordance with the security 
rank that is selected. 

According to a further embodiment, provided is a 
cryptographic communication system, which permits a 
plurality of terminals on a network to communicate en- 
ciphered data and selects an enciphering system, 
wherein when an enciphering system that is designated 
by a predetermined terminal is to be changed by another 
terminal, an approval by the predetermined terminal is 



required. 

According to the above embodiments, since selec- 
tion means for selecting an enciphering system is pro- 
vided for commutation means that is employed by a 
5 transmitter and a receiver that together cryptographic 
communication, the enciphering system can be arbitrar- 
ily set. Further, since the set enciphering system is em- 
ployed in common by the transmitter and the receiver 
prior to the transmission of enciphered text, the selec- 
10 tion of the enciphering system that conventionally is not 
taken into consideration is possible, and cryptographic 
communication having a high degree of freedom can be 
provided. In addition, an encipher power can be select- 
ed 

is Embodiments of the present invention will now be 
described with reference to the accompanying draw- 
ings, in which: 



20 



25 



30 



35 



40 



45 



55 



Fig. 1 is a block diagram illustrating a common en- 
ciphering system; 

Fig. 2 is a flowchart for DES enciphering; 
Fig. 3 is a block diagram illustrating a common 
pseudo-random number generator; 
Fig. 4 is a block diagram illustrating a network 
across which information providing service as a ba- 
sis for one embodiment is performed; 
Fig. 5 is a block diagram illustrating a communica- 
tion terminal according to a first embodiment of the 
present invention; 

Fig. 6 is a block diagram illustrating a communica- 
tion terminal according to a second embodiment of 
the present invention; 

Fig. 7 is a block diagram illustrating a communica- 
tion terminal according to a third embodiment of the 
present invention; 

Fig. 8 is a block diagram illustrating a communica- 
tion terminal for a user according to the third em- 
bodiment of the present invention; 
Fig. 9 is a block diagram illustrating a communica- 
tion terminal that has a display device according to 
the first and the third embodiment of the present in- 
vention; 

Fig. 10 is a block diagram illustrating a portable stor- 
age device according to the third embodiment of the 
present invention; 

Fig. 11 is a block diagram illustrating an information 
providing center according to the third embodiment 
of the present invention; 

Fig. 12 is a block diagram illustrating a database 
according to the third embodiment of the present 
invention; 

Fig. 1 3 is a block diagram illustrating a storage de- 
vice according to the third embodiment of the 
present invention; 

Fig. 1 4 is a block diagram illustrating an accounting 
device according to the third embodiment of the 
present invention; 

Fig. 15 is a block diagram illustrating a pseudo-ran- 
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dom number generator that employs a square-type 
pseudo-random number according to the third em- 
bodiment of the present invention; 
Fig. 16 is a block diagram illustrating a communica- 
tion terminal according to a fourth embodiment of 5 
the present invention; 

Fig. 17 is a block diagram illustrating a communica- 
tion terminal according to the fourth embodiment of 
the present invention; 

Fig. 1 8 is a block diagram illustrating a communica- io 
tion terminal according to a fifth embodiment of the 
present invention; 

Fig. 1 9 is a block diagram illustrating a pseudo-ran- 
dom number generator that employs a square-type 
pseudo-random number according to the fifth em- 15 
bodiment of the present invention; 
Fig. 20 is a block diagram illustrating a communica- 
tion terminal according to a sixth embodiment of the 
present invention; 

Fig. 21 is a block diagram illustrating an enciphering 20 
rate setting device according to the sixth and twelfth 
embodiment of the present invention; 
Fig. 22 is a block diagram illustrating a portable stor- 
age device according to the sixth through fourteenth 
embodiments of the present invention; 25 
Fig. 23 is a block diagram illustrating a communica- 
tion terminal according to a seventh and an eighth 
embodiment of the present invention; 
Fig. 24 is a block diagram illustrating an encipherer 
that can set an enciphering rate according to the 30 
seventh embodiment of the present invention; 
Fig. 25 is a block diagram illustrating an encipherer 
that can set an encipher power and processing 
speed according to an eighth embodiment of the 
present invention; 35 
Fig. 26 is a block diagram illustrating a pseudo-ran- 
dom number generator that can set a processing 
speed by employing a generation rate setting de- 
vice according to a ninth embodiment of the present 
invention; 40 
Fig. 27 is a block diagram illustrating an encipherer 
that can set an enciphering rate according to the 
ninth embodiment of the present invention; 
Fig. 28 is a block diagram illustrating a pseudo-ran- 
dom number generator that employs PEs according 45 
to a tenth embodiment of the present invention; 
Fig. 29 is a block diagram illustrating the PE accord- 
ing to the tenth embodiment of the present inven- 
tion; 

Fig. 30 is a block diagram illustrating a pseudo-ran- so 
dom number generator that can set a generation 
rate according to the tenth embodiment of the 
present invention; 

Fig. 31 is a block diagram illustrating an encipherer 
that can set an enciphering rate according to the 55 
tenth embodiment of the present invention; 
Fig. 32 is a block diagram illustrating a square-type 
pseudo-random number generator according to an 



eleventh embodiment of the present invention; 
Fig. 33 is a block diagram illustrating a communica- 
tion terminal according to the twelfth embodiment 
of the present invention: 

Fig. 34 is a block diagram illustrating a communica- 
tion terminal according to a thirteenth embodiment 
of the present invention; 

Fig. 35 is a block diagram illustrating a rate setting 
device according to a fourteenth embodiment of the 
present invention; 

Fig. 36 is a block diagram illustrating a communica- 
tion terminal according to a fifteenth embodiment of 
the present invention: 

Fig. 37 is a block diagram illustrating an enciphering 
rate setting device for an encipherer according to 
the fifteenth embodiment of the present invention; 
Fig. 38 is a block diagram illustrating an information 
providing center according to the fifteenth embodi- 
ment of the present invention; 
Fig. 39 is a block diagram illustrating a database 
according to the fifteenth embodiment of the 
present invention; 

Fig. 40 is a block diagram illustrating a storage de- 
vice according to the fifteenth embodiment of the 
present invention; 

Fig. 41 is a block diagram illustrating an accounting 
device according to the fifteenth embodiment of the 
present invention; 

Fig. 42 is a block diagram illustrating a communica- 
tion terminal according to a sixteenth embodiment 
of the present invention; 

Fig. 43 is a block diagram illustrating a key gener- 
ation and selection device according to the six- 
teenth embodiment of the present invention; 
Fig. 44 is a block diagram illustrating another key 
generation and selection device according to the 
sixteenth embodiment ol the present invention; 
Fig. 45 is a block diagram illustrating an information 
providing center according to the sixteenth embod- 
iment of the present invention; 
Fig. 46 is a block diagram illustrating a database 
according to the sixteenth embodiment of the 
present invention; 

Fig. 47 is a block diagram illustrating a storage de- 
vice according to the sixteenth embodiment of the 
present invention; 

Fig. 48 is a block diagram illustrating an accounting 
device according to the sixteenth embodiment of 
the present invention: 

Fig. 49 is a block diagram illustrating a communica- 
tion terminal according to a seventeenth embodi- 
ment of the present invention; 

Fig. 50 is a diagram illustrating the configuration of 
a common-key and a public-key cryptographic com- 
munication network according to the seventeenth 
embodiment of the present invention; 
Fig 51 is a diagram illustrating a public-key crypto- 
graphic communication network; 
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Fig. 52 is a block diagram illustrating a communica- 
tion terminal that has a display device according to 
an eighteenth embodiment of the present invention; 
Fig. 53 is a block diagram illustrating a communica- 
tion terminal according to a nineteenth embodiment 
of the present invention; 

Fig. 54 is a block diagram illustrating an encipherer 
according to the nineteenth embodiment of the 
present invention; 

Fig. 55 is a block diagram illustrating an encipherer 
according to a twentieth embodiment of the present 
invention; 

Fig. 56 is a block diagram illustrating a key gener- 
ation and selection device that employs a square- 
type pseudo-random number according to a twenty- 
first embodiment of the present invention; 
Fig. 57 is a diagram illustrating the procedures for 
cryptographic communication when key updating is 
performed according to the twenty-first embodi- 
ment of the present invention; 
Fig. 58 is a block diagram illustrating a communica- 
tion terminal according to a twenty-second embod- 
iment of the present invention: and 
Fig. 59 is a block diagram illustrating a key gener- 
ation and selection device that employs a square- 
type pseudo-random number according to the 
twenty-second embodiment of the present inven- 
tion. 

First, a common enciphering system that is a basis 
of the preferred embodiments and information providing 
service that employs the enciphering system will now 
be described. 

First, the general enciphering system will be ex- 
plained. A conventional public algorithm type common- 
key block cipher, such as DES (Data Encryption Stand- 
ard) cryptography and FEAL (Fast Data Encipherment 
Algorithm) cryptography, has a shortcoming in that 
when a set of enciphered text and plaintext using the 
same key is output more often than a specific number 
of times : the key can be analyzed. To remove this short- 
coming, as is shown in Fig. 1 , an enciphering system is 
proposed that makes key analysis more difficult by, be- 
fore a set of an enciphered text and a plaintext is output 
the number of times that permits key analysis, the up- 
dating of a key as needed using a pseudo-random 
number that is secure from calculation amount 
(Yamamoto, Iwamura, Matsumoto and Imai: "Square- 
type pseudo-random number generator and practical 
enciphering system employing block encipher," Institute 
Of Electronics Information And Communication Engi- 
neers ISEC 93-29, 1993-08). 

DES cryptography will be briefly described. DES 
cryptography, a specific common-key block cryptogra- 
phy of public algorithm type, has a currently wide em- 
ployment centering around its use by monitory facilities. 
Fig. 2 is a flowchart for performing DES cryptography 
For DES cryptography, a 64-bit data block is employed 



as a unit for encryption (decryption). The length of a key 
is 56 bits. The cryptographic algorithm employs, as a 
base, transposition (exchange of bit positions of input 
bits) and substitution ( replacement of an input value with 

5 another value). During encryption (decryption) accord- 
ing to DES cryptography, a process for which the trans- 
position and the substitution are properly combined is 
assembled in 16 steps, and the bit pattern of a plaintext 
is mixed and is converted into an enciphered text having 

10 no meaning. In a decryption process, the enciphered 
text is mixed to recover the original plaintext. The pa- 
rameter for this mixing is a 56-bit key. 

A pseudo-random number sequence that is secure 
from a calculation amount is a pseudo-random number 

is sequence with which proved is that, if there exists a pol- 
ynomial time algorithm wherein one part of the pseudo- 
random number sequence is employed to anticipate the 
following pseudo-random number sequence, the poly- 
nomial time algorithm is employed to constitute a poly- 

20 nomial time algorithm relative to a problem that is re- 
garded as difficult because of the calculation amount. 
More specifically, a pseudo-random number sequence 
that is secure from a calculation amount is a sequence 
with which it is very difficult, with respect of a calculation 

2S amount, for a random number sequence that is output 
to be used to anticipate the following random number 
sequence. This is studied in details in A. C. Yao, "Theory 
and Applications of Trapdoor Functions" Proceedings of 
the 23rd IEEE Symposium of Foundations of Computer 

30 Science, IEEE, pp. 80-91.. 1982, or M. Blum and S Mi- 
ca li, "How to Generate Cryptograph ically Strong Se- 
quences of Pseudo-Random Bits" Proc. 22nd FOCS, 
IEEE, pp. 112-117,1 982. Well known algorithms that are 
employed for the generation of pseudo-random num- 

35 bers that are secure from a calculation amount are those 
using square-type random number, RSA encryption, 
discrete logarithms, or reciprocal encryption, which are 
described in Tsujii and Kasahara, "Cryptography and In- 
formation Security," Shokosha Co. : Ltd., p. 86, 1990. 

40 in Fig. 1 is shown a device that performs as the en- 
ciphering system and that comprises a pseudo-random 
number generator 10, a computing unit 20, and a block 
encipherer 30. Block cryptography such as DES cryp- 
tography or FEAL cryptography, is employed as an al- 

4S gorithm for the block encipherer 30. The block encipher- 
er 30 enciphers plaintext and deciphers enciphered text. 
The pseudo-random number generator 10 generates 
pseudo-random numbers according to the algorithm for 
generation of pseudo-random numbers that is secure 

50 from a calculation amount. Generally a random number 
sequence, b 1( b 2 , . . that is secure from a calculation 
amount are generated from initial value x 0 by the follow- 
ing expressions: 

x M =f(x i )(i = 0,1....) (1) 
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b M =g(x M )(i = o,i....) (2). 

As is shown in Fig. 3, the pseudo-random number 
generator 10 comprises a processor 11 for performing 
feedback calculation by expression (1 ), and a processor 
12 for calculating expression (2). The operation of the 
pseudo-random number generator 10 is as follows: 

1. Initial value Xq is input to the pseudo-random 
number generator 10. 

2. Generated by expression (1 ) are x-,, x 2 , . . ., Xj. 

3. The x v x 2 ; . . Xj that are generated are substi- 
tuted into expression (2), and the obtained b v 
b 2 , . . ., b^are output as pseudo-random numbers. 

The computing unit 20 shown in Fig. 1 converts the 

acquired b,, b 2 b; into a series of keys for block 

cryptography. Each key for block cryptography is a se- 
ries of bits having a length that is defined by the algo- 
rithm of the employed block cryptography process. The 
keys are generated, for example, by dividing for each 
bit length a pseudo-random number sequence, b 1( 
b 2 , . - -,b h that is secure from a calculation amount. 

In Fig. 1, M uV (u = 1 , 2, . . t; v = 1 , 2, . . s) indi- 
cates a plaintext block; ky (u = 1, 2, . . ., t) indicates a 
key for block cryptography; and k^M^) (u = 1 , 2, . . ., t; 
v=1,2,...,s) indicates an enciphered text block that 
is acquired by enciphering plaintext block M uv using 
cryptographic key k^ Using the same key K y> s blocks, 
from m w1 to M us , are enciphered. 

Keys in a series, k v k 2 , . , that are updated by the 
pseudo-random number generator 10 and the comput- 
ing unit 20 are employed in order as keys for block cryp- 
tography, and the plaintext blocks in Fig. 1 are enci- 
phered by using a plurality of cryptographic keys. 

With the above described conventional enciphering 
system, a limited number of plaintext blocks will be en- 
ciphered using the same key, and analysis of the key 
will be difficult. 

An explanation of an information providing service 
that employs the above enciphering system follows. A 
cryptographic communication network that performs the 
information providing service is constituted by an infor- 
mation providing center and users A, B, . . ., and M, as 
is shown in Fig. 4. The information providing center 40 
and the users A through M employ in common inherent 
and secret keys that are provided in advance. The key 
string K A , K B , . . ., and K M comprises respectively the 
key that is used in common by the information providing 
center 40 and user A, the key that is used in common 
by the information providing center 40 and user B and 
the key that is used in common by the information pro- 
viding center 40 and user M. 

In addition, the information providing center 40, and 
each of the users A through M comprise the block enci- 
pherer 30, which performs enciphering (and decipher- 



ing) in accordance with an algorithm that is determined 
by a network; the pseudo-random number generator 1 0, 
which generates pseudo-random numbers that are se- 
cure from a calculation amount according to the algo- 

5 rithm for the network; and the computing unit 20. which 
converts the pseudo-random numbers that are output 
by the pseudo-random number generator 10 into a se- 
ries of keys for the block encipherer 30. 

To provide information for the user A from the infor- 

io mation providing center 40 while using the above de- 
scribed enciphering system, the information providing 
service employs the following procedures. 

1 . The user A requests information that he or she 
*5 needs from the information providing center 40. 

2. As an initial value for the current communication, 
the information providing center 40 uses the secret 
key K A , which is used in common with the user A, 
to set the pseudo-random number generator 10. 

20 The pseudo-random number generator 10 is oper- 
ated and generates a random number sequence 
that is secure from a calculation amount. The com- 
puting unit 20 converts the generated pseudo-ran- 
dom number sequence into a series of keys for 
2S block cryptography. While these keys are being up* 
dated, they are employed as keys for block cryptog- 
raphy to encipher information that is provided by the 
block encipherer 30. The enciphered information is 
then transmitted to the user A. 
30 3. As an initial value for the current communication, 
the user A uses the secret key K A , which is used in 
common with the information providing center 40, 
to set the pseudo-random number generator 10. 
The pseudo-random number generator 10 is oper- 
as ated and generates a random number sequence 
that is secure from a calculation amount. The com- 
puting unit 20 converts the generated pseudo-ran- 
dom number sequence into a series of keys for 
block cryptography. While these keys are being up- 
40 dated, they are employed as keys for block cryptog- 
raphy by the block encipherer 30 to decipher the 
text that is transmitted by the information providing 
center 40. The user A thus obtains the provided in- 
formation. 

45 

Through the above described procedures, the infor- 
mation providing service function is performed between 
the information providing center 40 and the authorized 
users A through M, who employ keys in common with 
the center 40. Since the information is provided accord- 
ing to these procedures, the information providing cent- 
er 40 can transmit information to a requesting user while 
keeping it secret from all other users. Therefore, the in- 
formation providing service can account for each user 
55 that has received information. 

The first through fifth embodiment that are based 
on the system shown in Fig. 4 will now be described 
while referring to the accompanying drawings 
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First Embodiment 



In this embodiment, as is shown in Fig. 5, an infor- 
mation providing center 40 employs a communication 
terminal 50, which comprises a block encipherer (here- 
after referred to simply as an encipherer) 51 for perform- 
ing enciphering (and deciphering) according to an algo- 
rithm that is specified by a network, and a counter 52 for 
obtaining a count of enciphered blocks. 

Since a user does not need the counter 52 that is 
provided in the communication terminal 50 in Fig. 5, in 
the design of a communication terminal for a user the 
counter 52 is removed from the communication terminal 
50 of the information providing center 40. However, 
when a user desires information concerning a service 
charge tor providing information to his or her communi- 
cation terminal, a communication terminal having the 
same structure as that of the communication terminal 
50 may be employed. 

The block encipherer 30 shown in Fig. 1 can serve 
as the encipherer 51 . Since the input of data to the en- 
cipherer 51 is synchronized with an operation clock for 
the encipherer 51 , the counter 52 counts the number of 
operation clocks for the encipherer 51 to acquire the 
number of blocks that are enciphered. Before the enci- 
pherer 51 is operated for enciphering, the value held by 
the counter 52 is reset using a reset signal. When the 
enciphering is completed, the value held by the counter 
52 is read, and accounting is performed based on the 
acquired value. 

A cryptographic communication network that per- 
forms an information providing service is constituted by 
the information providing center 40 and users A through 
M, as is shown in Fig. 4. The information providing cent- 
er 40 and the users A through M use in common inherent 

and secret keys K A , K B and K M , respectively. The 

information providing center 40 sets a key in advance 
for use on a common key with a specific user. Further, 
key joint ownership can be established by a well known 
system for establishing the joint ownership of a key, as 
is described in Tsujii and Kasahara, "Cryptography And 
Information Security", Shokosha Co Ltd., pp. 72 and 
73, and pp. 97 to 104, 1990. 

The information providing center 40 acquires the 
count of enciphered blocks by using the counter 52, and 
assesses a charge in accordance with the block count. 
Through this procedure, an accounting system that re- 
flects the characteristics of information, such as type 
and quality, can be provided. More specifically, the in- 
formation providing center 40 specifies in advance, by 
block and in accordance with type or quality, charges for 
information that is to be provided, and thus, unlike con- 
ventional accounting for which charges are based on a 
communication time, is able to calculate flexible charges 
that are consonant with the value of the information that 
is actually provided. A user will pay the information pro- 
viding center 40 an information providing service fee in 
consonance with the type, the quality and the quantity 



of the information that is provided. 

Further, since the accounting charges are assessed 
on an individual unit basis, a user can request only part 
of a desired item of information when he or she does not 
s exactly know what is contained in the requested infor- 
mation item, and can thus minimize a loss that may be 
incurred. 



Second Embodiment 



10 



In this embodiment, as is shown in Fig. 6, an infor- 
mation providing center 40 employs a communication 
terminal 50, which comprises a block encipherer 51 , for 
performing enciphering (and deciphering) according to 
is an algorithm that is specified by a network; a key gen- 
erator 53, for generating a cryptographic key; and a 
counter 52, for obtaining a count of cryptographic keys 
that are employed for enciphering. 

Since a user does not need the counter 52 for his 
20 or her communication terminal, in the design of the com- 
munication terminal for a user the counter 52 is removed 
from the communication terminal 50 of the information 
providing center 40. However, when a user desires in- 
formation concerning a service charge for providing in- 
25 formation to his or her communication terminal, a com- 
munication terminal having the same structure as that 
shown in Fig. 6 may be employed. 

A cryptographic communication network that fur- 
nishes an information providing service is constituted by 
30 the information providing center 40 and users A through 
M, as is shown in Fig 4. 

It should be noted that the counter 52 and the enci- 
pherer 51 in the first embodiment can be employed for 
this embodiment. 
35 The key generator 53 generates, using the common 
key in Fig. 4, a key, in accordance with the algorithm 
that is specified by the network, to be used by the enci- 
pherer 51 . 

The counter 52 obtains the count of operation 
40 clocks for the key generator 53 in order to acquire the 
number of the cryptographic keys that are employed. 
Before the encipherer 51 begins the enciphering oper- 
ation, the value held by the counter 52 is reset using a 
reset signal. When the enciphering has been complet- 
es ed, the value held by the counter 51 is read : and the 
accounting calculations are performed based on the val- 
ue that is read. 



Third Embodiment 



50 



In this embodiment as is shown in Fig. 7, an infor- 
mation providing center 40 employs a communication 
terminal 50, which comprises a block encipherer 51 , for 
performing enciphering (and deciphering) according to 
ss an algorithm that is specified by a network; a pseudo- 
random number generator 54, for generating pseudo- 
random numbers, which are secure from a calculation 
amount, according to the algorithm that is specified by 
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the network; a computing unit 55, for converting pseudo- 
random numbers that are output by the pseudo-random 
number generator 54 into a series of keys for the enci- 
pherer 51: and a counter 52, for obtaining the count of 
feedback calculation repetitions since communication 
was initiated that are required for the generation of pseu- 
do-random numbers that are secure from a calculation 
amount. The count of feedback calculations that are re- 
quired for the generation of pseudo- random numbers 
that are secure from a calculation amount is defined as 
a pseudo-random number generation calculation count. 

The counter 52 obtains the count of operation 
clocks of the pseudo-random number generator 53 to 
acquire the number of feedback calculations. Before the 
encipherer 51 begins the enciphering operation, the val- 
ue held by the counter 52 is reset using a reset signal. 
When the enciphering is completed, the value held by 
the counter 52 is read, and the accounting calculations 
are performed based on the value that is read- 
Since a user does not need the counter 52 for his 
or her communication terminal 60, as is shown in Fig. 
8, in the design of the communication terminal 60 the 
counter 52 is removed from the communication terminal 
50 of the information providing center 40. However, 
when a user desires information concerning a service 
charge for providing information to the communication 
terminal 60, a communication terminal 60 having the 
same structure as that of a communication terminal 50 
shown in Fig 9 may be employed. In this case, a display 
device 56 for displaying a service fee can be provided. 

The communication terminal 60 for a user in Fig. 9 
holds in a buffer 57 a unit charge that is transmitted from 
an information provider, as will be described later in "In- 
formation providing pre procedures of the present inven- 
tion". Then, from the unit charge that is held in the buffer 
57 and the pseudo-random number generation calcula- 
tion count that is held by the counter 52, a fee for the 
information providing service is calculated using a serv- 
ice fee calculation, as will be described later in "Account- 
ing procedures of the present invention", and the ac- 
quired fee is displayed on the display device 56. With 
such a display device 56 provided for the communica- 
tion terminal 60, a user can confirm later that a service 
fee that is charged by the information providing center 
40 is fair. 

It should be noted that the encipherer 51 , the pseu- 
do-random number generator 54, and the computing 
unit 55 in Fig. 1 can be employed for this embodiment. 
Further, the cryptographic communication network 
shown in Fig. 4 is used. 

In this embodiment, enciphering (deciphering) is 
performed while the key for block cryptography is up- 
dated for each of s blocks using a series of keys that is 
generated by the pseudo-random number generator 54 
and the computing unit 55. The value for the variable s 
is determined by employing a pseudo-random number 
generation rate for the pseudo-random number gener- 
ator 54 and an enciphering (deciphering) rate for the 



block encipherer 51 (see the above described reference 
for the details). In a system that specifies the number s, 
the number of feedback calculations that is performed 
by the pseudo-random number generator 54 is substan- 

5 ^ tially proportional to the amount of information to be en- 
ciphered (deciphered). Similarly, the number of keys for 
block cryptography that are used for updating during the 
enciphering of information is substantially proportional 
to the amount of information to be enciphered (deci- 

10 phered). 

When a charge is to be calculated by using propor- 
tional segments of a quantity of enciphered information, 
one of the following size specifications can be employed 
as an information quantity unit for accounting: 

is 

(a) one block; 

(b) the amount of information that is enciphered (de- 
ciphered) while one key is used; and 

(c) the amount of information that is enciphered (de- 
20 ciphered) during one feedback calculation. 

In this embodiment, (c) the amount of information 
that is enciphered (deciphered) during one feedback 
calculation is employed as an information quantity unit 

2S for accounting purposes. The unit size specified in (a) 
and (b) will be explained later in a fourth embodiment. 

In other words, in this embodiment, a charge is as- 
sessed each time a feedback calculation is performed 
by the pseudo-random number generator 54. 

30 in this embodiment, the users A through M of the 
cryptographic communication network in Fig 4 that pro- 
vides an information providing service have a portable 
storage device 70 shown in Fig. 10. A secret key, be- 
longing to the user that owns the portable storage device 

35 70, that is required for cryptographic communication is 
stored in the portable storage device 70. If a user other 
than the owner knows the secret key, secret communi- 
cation is not performed and an authentic information 
providing service can not be provided. Therefore, while 

40 taking secu rity into consideration so as to restrict access 
to a secret key to the owner only, the portable storage 
device 70 is provided for each user, in addition to the 
communication terminal 50. 

Although the portable storage device 70 may be 

45 part of the communication terminal 60, so long as a 
physically secure area can be ensured for each user, 
the communication terminal 60 that can be used for 
cryptographic communication by each other is limited. 
As is shown in this embodiment, it is better for the com- 

50 munication terminal 60 and the portable storage device 
70 to be separately provided and for the secret informa- 
tion belonging to each user to be not stored in the com- 
munication terminal 60. With this arrangement, which is 
convenient for a user, whatever type of communication 

55 terminal 60 a user may use, the user can exchange se- 
cret information via his or her own portable storage de- 
vice 70 for cryptographic communication 

As is shown in Fig 10, the portable storage device 
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70 can exchange information with the communication 
terminal 60 across a safe communication path, and as 
a physically secure area, has holding means 71. Only 
an authorized owner can correctly operate the portable 
storage device 70, and a procedure foe the verification 
of a password, etc., is performed to determine whether 
or not a user is an authorized owner. An IC card, etc., is 
employed as the portable storage device 70. 

As is shown in Fig. 11, the information providing 
center 40 comprises at least each of the following com- 
ponents: the communication terminal 50; a database 41 , 
wherein information to be provided is stored; an ac- 
counting device 42, for calculating a charge for each 
quantity unit of information that is provided; and a stor- 
age device 43. wherein are stored the secret keys of all 
the users, which are required for cryptographic commu- 
nication, and service fee information. In Fig. 11, a plu- 
rality of communication terminals 50 are provided to en- 
able the simultaneous transmission of information to a 
plurality of users. For a larger information providing sys- 
tem, more than one database 41, accounting device 42 
and storage device 43 may be provided. 

In the database 41 that is designed as is shown in 
Fig. 12 are stored information that is to be provided for 
users and a corresponding charge for an information 
quantity unit. The charge for a quantity unit that differs 
depending on the information types is called a unit 
charge. A name is given to information so that a user 
can specify information. The above described database 
41 can be easily designed by using a conventional da- 
tabase as a base. 

The storage device 43 that is designed as is shown 
in Fig. 13 has a key storage area, in which a secret key 
that is required for cryptographic communication is 
stored for each user who is a member of the information 
providing network; and a cumulative account total stor- 
age area, in which is stored a accumulative account total 
of service fees assessed during a specific period. This 
period is called a service fee totalization period. The fee 
totalization period is specified as one month, for exam- 
ple. The information providing center 40 employs the cu- 
mulative fee total for each user that is stored in the cu- 
mulative account total storage area to calculate an in- 
formation providing service fee for each user during the 
fee totalization period, and charges the user the calcu- 
lated fee. When a specific tee totalization period has ex- 
pired, the service fee for each user during the period 
that it was stored in the cumulative account total storage 
area is shifted as backup information to another storage 
means, and a service fee for each user in the cumulative 
account total storage area is reset. 

The accounting device 42 is designed as is shown 
in Fig. 14. The accounting device 42, which calculates 
the fee for information that is currently being provided, 
can extract unit charge information from the database 
41. When the communication is terminated, the ac- 
counting device 42 can extract the pseudo-random 
number generation calculation count from the counter 



52 in the communication terminal 50. In addition, the ac- 
counting device 42 calculates an information service fee 
by using the unit charge information and the pseudo- 
random number generation calculation count, adds the 

s service fee to the cumulative account total, of a user to 
whom information was provided, that is held in the stor- 
age device 43 to update the cumulative account total, 
and writes the new cumulative account total for the user 
in the cumulative account total storage area in the stor- 

10 age device 43. 

An explanation will now be given for algorithms, for 
block cryptography and for the generation of pseudo- 
random numbers that are secure from a calculation 
amount and that are actually employed by the commu- 

15 nication terminal in this embodiment. 

in this embodiment, DES cryptography is used as 
an algorithm for block cryptography and a square-type 
pseudo-random number is employed as an algorithm for 
generating pseudo-random numbers that are secure 

20 from a calculation amount. The DES cryptography is 
common-key block cryptography having a block length 
of 64 bits, and a key is 56 bits. 

A square-type pseudo-random number sequence is 
a sequence b v b 2 , . . ., which is generated by the fol- 

2S lowing procedures. 

Square-type pseudo-random number sequence 

Supposing that p and q are prime numbers that sat- 
30 isfy p = q = 3 (mod 4), and N = p • q, a bit sequence, 

b 1 , b 2 which is acquired from initial value x 0 (x is 

an integer such that 1 < Xq < N-1 ) and the following re- 
flexive relations: 

35 x j+1 = Xj 2 mod N (i = 0, 1 , 2, . . . ) (3) 

bj = lsbj(x- ( ) (i = 1.2, . ..) (4), 

40 

is called a square-type pseudo-random number se- 
quence. 

It should be noted that Isbj(xi) represents the lower 
j bits, and when the number of bits for modulo N is n, j 

45 =0(log 2 n). 

The square-type pseudo- random number se- 
quence is one that is secure from a calculation amount 
when it is assumed that determination of a root remain- 
der for N is difficult from the view of a calculation amount. 

50 The pseudo- random number generator 54 for gen- 
erating the square-type pseudo-random number se- 
quence is shown in Fig. 15. 

In order to adequately secure the square-type pseu- 
do-random numbers, bit count n for modulo N in the 

55 square expression (3) is 51 2. Secret keys (initial values 
for the pseudo-random number generator 54) K A , 
K B , . . . : which are employed in common between the 
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information providing center 40 and the individual sub- 
scribers, are 1 < K A , K B , . . < N-1. 

When the user A in Fig. 4 specific information from 
the information providing center 40, the informatbn pro- 
viding center 40 transmits the requested information to 
the user A, and in accordance with Ihe following proce- 
dures, charges the user a fee for the information provid- 
ing service. 

It is assumed that the user A has received the infor- 
mation service from the information providing center 40 
several times during a current service fee totalization 
period, and that the accumulative charge for the user A 
for the current period, which is stored in the cumulative 
account total storage area in the storage device 43, is 
Charge A . Further it is assumed that the name of the in- 
formation for which the user A requests the service is 
Info, and that a unit charge (charge for one feedback 
calculation) for Info is UC lnfcr Although the user A is no- 
tified of the information name Info and the unit charge 
UC| n f 0 , the user A does not have precise information 
concerning the contents, and thus first requests the in- 
formation providing center 40 to provide a part of the 
information Info. It should be noted that the size of a part 
of the information is sufficiently large for the feedback 
calculation according to expression (3) to be performed 
i times in order to carry out the supplying of cryptograph- 
ic information. 

In the following explanation, it is assumed that au- 
thorization of the authentic user A to use his or her own 
portable storage device 70 has been obtained, and that 
the portable storage device 70 is so set in the operating 
state that it can communicate with the communication 
terminal 60. In addition, it is assumed that authorization 
has been obtained for the user A, as an authentic sub- 
scriber, to use the information providing center 40. The 
two authorizations can be provided by a well known au- 
thorization technique. 

Information providing preprocedures 

1. The user A requests that the information provid- 
ing center 40 provide for the service for Info, detail- 
ing at the same time that part of the information that 
is desired. 

2. Upon the request from the user A that the service 
for Info be provided, the information providing cent- 
er 40 calculates a charge for the information provid- 
ing service by using the unit charge UC lnfo for Info 
and the part of the information that is requested by 
the user, and transmits the obtained service fee in- 
formation to the user A. When the user A employs 
the communication terminal 60 shown in Fig. 9 : the 
unit charge UC ln(o is also transmitted to the user A. 

3. If the user A agrees with the received service fee 
information relative to the requested part of Info, the 
user A requests that the information providing cent- 
er 40 provide the service for Info. When the user A 
employs the communication terminal 60 shown in 



Fig. 1 1 , the received unit charge UC, nfo is held in 
the buffer 57. 

If the user does not agree with the received service 
5 fee information, the user requests that the information 
providing center 40 cancel the service for Info, and this 
procedure is thereafter terminated. 

The following procedure is employed when the user 
A requests that the information providing center 40 pro- 
io vide the service for information Info. 

Information providing procedures (for information 
providing center) 

15 1 . The counter 52 of the communication terminal 50 
that is used for communication with the user A is 

reset. 

2. For the generation of pseudo-random numbers, 
secret key K A , which is held for user A in the key 

20 storage area in the storage device 43, is set as initial 
value x 0 for the pseudo-random number generator 
54 in the communication terminal 50. 

3. The pseudo-random number generator 54 of the 
communication terminal 50, which is used forcom- 

25 munication with the user A, is operated to generate 
a pseudo-random number sequence that is secure 
from a calculation amount. 

4. The computing unit 55 converts the generated 
pseudo-random number sequence into a series of 

30 keys for block cryptography 

5. The series of keys that is output by the computing 
unit 55 is updated as keys for block cryptography, 
and the encipherer 51 employs the keys to convert 
the requested part of the information Info into enci- 

35 phered text. When the enciphering is completed, 
the pseudo-random number generation calculation 
count, which is held by the counter 52 of the com- 
munication terminal 50, is incremented to i. 

40 Information providing procedures (for user A) 

1 . For the generation of pseudo-random numbers, 
the secret key K A , which is held in the portable stor- 
age device 70, is set as initial value Xq for the pseu- 

45 do-random number generator 54 in the communi- 
cation terminal 60. 

2. The pseudo-random number generator 54 of the 
communication terminal 60 is operated to generate 
a pseudo-random number sequence that is secure 

so from a calculation amount. 

3. The computing unit 55 converts the generated 
pseudo-random number sequence into a series of 
keys for block cryptography. 

4. The series of keys that is output by the computing 
55 unit 55 is updated as keys for block cryptography, 

and the encipherer 51 employs the keys to convert 
the enciphered text into plaintext. 
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The accounting procedures employed after the 
service for Info from the information providing center 40 
is terminated are shown below. 

Accounting procedures (for information providing 
center) 

1. The accounting device 42 extracts the unit 
charge information UC )nfo for Infofrom the database 
41 , and also the pseudo-random number genera- 
tion calculation count i from the counter 52 of the 
communication terminal 50, which performs the 
communication with the user A. 

2. The accounting device 42 calculates an informa- 
tion service fee by using the unit charge information 
UC 

info anc * * ne pseudo-random number generation 
calculation count i. In this case, the fee is i x UC, nfo . 

3. The accounting device 42 adds charge i x UC, nfo 
to the cumulative account total Charge A that is held 
in the storage device 43 for the user A to acquire 
new cumulative account total Charge A +i x UC )nfo . 
The accounting device 42 writes the new cumula- 
tive account total Charge A +i x UC| nfo to the cumu- 
lative account total storage area for the user A in 
the storage device 43. 

Each time the service fee totalization period ex- 
pires, the information providing center 40 charges indi- 
vidual users the cumulative account total user fees. Fur- 
ther, when the service fee totalization period has ex- 
pired, the service charge, for each user for the period, 
that is held in the cumulative account total storage area 
is moved as backup information to another storage 
means, and the service fee for each user in the cumu- 
lative account total storage area is reset. 

Through the above described procedures, an ac- 
counting system that reflects the type and quality of in- 
formation can be provided. More specifically, in ad- 
vance, the information providing center 40 specifies a 
unit charge for information to be provided that is in con- 
sonance with the information type or quality, and can 
thus assess a flexible charge in accordance with the val- 
ue of information, unlike conventional accounting, which 
depends on a communication time. A user will pay the 
information providing center 40 an information providing 
service tee that is in consonance with the type, the qual- 
ity and the quantity of the provided information. 

Further, since a fee is assessed for each unit, a user 
can request only a part of the desired information when 
he or she does not exactly know the contents of the de- 
sired information, and can thus minimize any loss that 
may be incurred. 

In "Accounting procedures" described above, a fee 
for each feedback calculation is employed as unit 
charge information UC (nfo . However, the accounting 
method also includes a method whereby unit charge in- 
formation is employed a plurality of times (e.g. , w times) 
as a fee for feedback calculations and a charge is as- 



sessed each time the pseudo-random number genera- 
tion calculation count is a multiple of w. 

For "Information providing procedures" described 
above, there is a method whereby from the beginning 

5 the obtained pseudo-random n umber sequence is divid- 
ed by the computing unit 55 into individual key bit 
lengths (56 bits each) for DES cryptography, and the di- 
vided bit sets are employed as keys for the DES cryp- 
tography. Another method, whereby the computing unit 

io 55 converts the pseudo-random number sequence into 
the series of keys for the DES cryptography, may be em- 
ployed so long as it is common to a network that offers 
information providing service. 

Any number of blocks may be enciphered (deci- 

15 phered) using one specific key, so long as the blocks 
are used in common for a network that offers information 
providing service. Further, the bit count that is deter- 
mined by expression (4) can be used as b h Although the 
modulo N in the square calculation is 51 2 bits, any other 

20 bit count can be used, so long as it can be secure from 
a calculation amount. 

Although DES cryptography is employed as block 
cryptography in this embodiment, the cryptography 
used is not limited to DES, and any other common -key 

25 cryptography, such as FEAL cryptography, can be used. 
In addition, although a single DES encipherer is used 
as the encipherer 51 , a plurality of DES encipherers or 
a combination of a DES encipherer and a FEAL enci- 
pherer can be employed. 

30 Further, although the square-type pseudo-random 
numbers are used as an algorithm for generation of 
pseudo-random numbers that are secure for a calcula- 
tion amount, another algorithm that is used to generate 
pseudo-random numbers that are secure from a calcu- 

35 lation amount can be used. As is described in the above 
reference, Tsujii and Kasahara, "Cryptography and in- 
formation Security", Shokosha, p. 86, 1990, for exam- 
ple, an algorithm for which RSA cryptography, discrete 
logarithms, or reciprocal cryptography is employed-can 

40 also be applied as the algorithm for the present invention 
for the generation of pseudo-random numbers. 

Fourth Embodiment 

45 When a charge that is assessed is proportional to 
the amount of enciphered information, the unit sizes 
specified in (a), (b) or (c) in the third embodiment can 
be employed as information quantity units for account- 
ing purposes. In the third embodiment, (c) the amount 

50 of information that is enciphered (deciphered) during 
one feedback calculation was employed as the informa- 
tion quantity unit. In this embodiment, the other two siz- 
es specified in (a) and (b) are employed as units. In Fig. 
12 is shown a terminal 50 for which "(a) one block" is 

55 employed as an information quantity unit, and in Fig. 1 3 
is shown a communication terminal 50 for which "(b) the 
amount of information that is enciphered (deciphered) 
while one key is used" is employed as an information 
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quantity unit. 

The communication terminal 50 in Fig. 16 compris- 
es an encipherer 51, for performing enciphering (deci- 
phering) according to an algorithm that is specified by a 
network; a pseudo-random number generator 54. for $ 
generating pseudo-random numbers, which are secure 
from a calculation amount, according to an algorithm 
that is specified by the network; a computing unit 55, for 
converging pseudo-random numbers, which are output 
by the pseudo- random number generator 54, to provide 
a series of keys for the encipherer 51 ; and a counter 52, 
for obtaining the count of blocks that are enciphered to 
provide information. 

The communication terminal 50 in Fig. 17 compris- 
es an encipherer 51, for performing enciphering (deci- 
phering) according to an algorithm that is specified by a 
network; a pseudo-random number generator 54 : for 
generating pseudo-random numbers, which are secure 
from a calculation amount, according to an algorithm 
that is specified by the network; a computing unit 55, for 
converging pseudo-random numbers, which are output 
by the pseudo-random number generator 54, to provide 
a series of keys for the encipherer 51 ; and a counter 52, 
for obtaining the count of cryptographic keys that are 
employed to provide information. 

Even when the communication terminal 50 in Fig. 
16 or Fig. 17 is employed, the other components of an 
information communication network are the same as 
those in the third embodiment. Although the information 
providing procedures are basically the same, a unit 
charge for a database 41 of an information providing 
center 40 is a charge for one block, or a charge for one 
key The display device 56 shown in Fig. 9 can be pro- 
vided for both communication terminals 50 in Figs. 16 
and 17. 

Fifth Embodiment 

In the third embodiment, since a key that is em- 
ployed in common between the information providing 
center 40 and each user is fixed, the initial value for the 
pseudo-random number generator 54 is a constant val- 
ue when the user is the same. Since the same enci- 
phered text is generated tor transmitting the same infor- 
mation, the security is inadequately maintained. 

In this embodiment, even if the user is the same, 
the initial value of the pseudo-random number generator 
is altered each time to improve security. 

An explanation will be given for a case wherein DES 
cryptography is employed as an algorithm for block 
cryptography and square-type pseudo-random num- 
bers are employed as an algorithm for generating pseu- 
do-random numbers that are secure from a calculation 
amount. 

In this embodiment, as is shown in Fig. 18, a user 
who receives information servicing and an information 
providing center 40 have, respectively, the communica- 
tion terminals 60 and 50, each of which comprises an 



encipherer 51, for performing enciphering (deciphering) 
according to an algorithm that is specified by a network; 
a pseudo-random number generator 54, for generating 
pseudo- random numbers that are secure from a calcu- 
lation amount according to an algorithm that is specified 
by the network; a computing unit 55, for converting 
pseudo-random numbers that are output from the pseu- 
do-random number generator 54 to obtain a series of 
keys for the encipherer 51 ; and a counter 52, for provid- 
ing a count of feedback calculations, which are required 
for the generation of pseudo-random numbers that are 
secure from a calculation amount, that have been per- 
formed since the initiation of communication. 

In expressions (3) and (4) in the third embodiment, 
which are the procedures for generating pseudo-ran- 
dom numbers, x^.,, which is sequentially updated by the 
feedback calculation, is called an internal variable of the 
pseudo-random number generator 54. 

The pseudo-random number generator 54 in this 
embodiment includes a processor 54a for performing 
feedback calculation of expression (3) and a processor 
54b for performing feedback calculation of expression 
(4), as is shown in Fig. 19, and reads the internal varia- 
ble that is updated by expression (3). 

At the communication terminal 50 of the information 
providing center 40, the internal variable that is read is 
stored in a key storage area in a storage device 43. At 
the communication terminal 60 of a user, the internal 
variable is stored in holding means 71 of a portable stor- 
age device 70. In the third embodiment, only the initial 
value from the storage device 43 is set to the pseudo- 
random number generator 54, or only the initial value 
from the portable storage device 70 is set to the pseudo- 
random number generator 54, and the movement of da- 
ta is unidirectional. In this embodiment, in the reverse 
direction, the internal variable in the pseudo-random 
number generator 54 can be read. A common key, which 
was used for the current information servicing, is then 
replaced by the internal variable that was read and that 
will be used as a common key lor the next information 
servicing. 

An accounting device 42 in this embodiment has the 
same structure as in the third embodiment. 

As well as in the third embodiment, an explanation 
will be given tor a case wherein a user A receives infor- 
mation from the information providing center 40 across 
the network shown in Fig. 4. It is assumed that the name 
of the information that the user A requests is lnfo : and 
that the requested amount of information is sufficiently 
large for the feedback calculation of expression (3) to 
be performed i times for cryptographic communication. 
As the "Information providing prepocedures" and 'Ac- 
counting procedures" (for information providing center) 
" are performed in the same manner as those in the third 
embodiment, an explanation for them will not be given. 

The following procedures are performed when the 
user A requests that the information providing center 40 
provide the service for the information Info 
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Information providing procedures (for information 
providing center) 

1 . The counter 52 of the communication terminal 50 
that is used for communication with the user A is 
reset. 

2. For the generation of pseudo-random numbers, 
secret key K A , which is held for the suer A in the key 
storage area in the storage device 43, is set as initial 
value x 0 for the pseudo-random number generator 
54 in the communication terminal 50. 

3. The pseudo-random number generator 54 of the 
communication terminal 50, which is used for com- 
munication with the user A, is operated to generate 
a pseudo-random number sequence that is secure 
from a calculation amount. 

4. The computing unit 55 converts the generated 
pseudo-random number sequence into a series of 
keys for block cryptography. 

5. The series of keys that is output by the computing 
unit 55 is updated as keys for block cryptography, 
and the encipherer 51 employs the keys to convert 
the requested part of the information Info into enci- 
phered text. When the enciphering is completed, 
the pseudo-random number generation calculation 
count, which is held by the counter 52 of the com- 
munication terminal 50, is incremented to i, and an 
internal variable is x } . 

6. The internal variable X; is read from the storage 
device 43 by the pseudo-random number generator 
54, and is held as a secret key K A for the user A in 
the key storage area in the storage device 43, so 
that the new key can be used for the next informa- 
tion servicing for the user A. 

Information providing procedures (for user A) 

1. For the generation of pseudo-random numbers, 
the secret key K A , which is held in the portable stor- 
age device 70, is set as initial value Xq for the pseu- 
do-random number generator 54 in the communi- 
cation terminal 60. 

2. The pseudo-random number generator 54 of the 
communication terminal 60 is operated to generate 
a pseudo-random number sequence that is secure 
from a calculation amount. 

3. The computing unit 55 converts the generated 
pseudo-random number sequence into a series of 
keys for block cryptography. 

4. The series of keys that is output by the computing 
unit 55 is updated as keys for block cryptography, 
and the encipherer 51 employs the keys to convert 
the enciphered text into plaintext. 

5. The internal variable Xj is read from the portable 
storage device 70 by the pseudo-random number 
generator 54, and is held as a secret key K A in the 
storage means of the portable storage device 70, 
so that the new key can be used for the next infor- 



mation request. 

Through the above procedures, although informa- 
tion is requested by the same user, the initial value that 

s is input to the pseudo-random number generator 54 dif- 
fers for each information communication exchange. 
Thus the same key series is not generated by the pseu- 
do-random number generator 54 and information that is 
provided to the same user can be enciphered by using 

io a different key series for each communication ex- 
change, and as a result, the security for block cryptog- 
raphy can be improved. 

Further, in this embodiment as well as in the first 
embodiment, the unit sizes (a), (b) or (c) described 

is above can be employed as information quantity units for 
calculating a charge that is proportional to the amount 
of information that is enciphered by the enciphering sys- 
tem of this embodiment. 

In this embodiment, the unit amount of information 

20 for accounting purposes is defined as (c) the amount of 
information that is enciphered (deciphered) during one 
feedback calculation. The communication terminals 50 
and 60, for which is employed "(a) one block" or "(b) the 
amount of information that is enciphered (deciphered) 

2S during the employment of one key", can be designed 
with the same structure as in the third embodiment. 

In addition, like the third embodiment, a display de- 
vice 56 for displaying a service charge can be provided 
for both communication terminals 50 and 60 With the 

30 display device 56, a user can confirm later that the serv- 
ice fee that is charged by the information providing cent- 
er 40 is fair. 

As is described above, according to the above de- 
scribed embodiments, the accounting system that re- 

35 fleets the information type and the quality of the service 
can be provided. The information providing center can 
specify a unit charge lor information to be provided in 
accordance with the information type or the service 
quality, so that a user can pay the information providing 

40 center an information providing service fee that is in con- 
sonance with the type, the quality and the quantity of the 
information provided. Therefore : the information provid- 
ing center can assess an information service charge in 
accordance with the quality of the information that is pro- 

45 vided. Further, since a fee is assessed for each unit, a 
user can cancel the reception of information when the 
received information differs from what he or she desires, 
and can thus minimize any loss that may be incurred. 
Sixth through fourteenth embodiments of the 

50 present invention, wherein an enciphering rate can be 
varied, will be explained. These embodiments are es- 
tablished based on the following points of view. 

Sixth Embodiment: A plurality of clocks are pre- 
pared for a general enciphering system in order to set 

55 an enciphering (deciphering) rate. 

Seventh Embodiment: A plurality of circuits for re- 
peating an enciphering process are prepared for a gen- 
eral enciphering system in order to set an enciphering 
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(deciphering) rate. 

Eighth Embodiment: A circuit for repeating an enci- 
phering process is prepared tor a general enciphering 
system and selects a repetition count for the process in 
order to set an enciphering (deciphering) rate- 
Ninth Embodiment: A plurality of clocks are pre- 
pared for a pseudo-random number generator in order 
to set a generation rate. 

Tenth Embodiment: A plurality of circuits for repeat- 
ing a generation process are prepared for a pseudo-ran- 
dom number generator in order to set a generation rate. 

Eleventh Embodiment: An internal variable of a 
pseudo-random number generator, the generation rate 
of which can be set, can be read. 

Twelfth Embodiment: A pseudo-random number 
generator and an encipherer, for one of which the 
processing rate can not be set, are employed for an en- 
ciphering system according to this embodiment. 

Thirteenth Embodiment: A plurality of clocks are 
prepared (or an enciphering system thai comprises a 
pseudo-random number generator, a computing unit, 
and a block encipherer, in order to set an enciphering 
(deciphering) rate and a generation rate. 

Fourteenth Embodiment: Means for setting an en- 
ciphering (deciphering) rate and means for setting a 
pseudo-random number generation rate are integrally 
provided for the enciphering system according to the 
twelfth embodiment. 

Sixth Embodiment 

In this embodiment, employed for cryptographic 
communication is a communication terminal 60 shown 
in Fig. 20, which comprises an encipherer 30 for per- 
forming enciphering (and deciphering) according to an 
algorithm that is specified by a network; a communica- 
tion interface 40; and an enciphering rate setting device 
50. 

The enciphering rate of the encipherer 30 can be 
set by the enciphering rate setting device 50. This can 
be performed in such a manner that a plurality of clocks 
having different frequencies are prepared to operate the 
encipherer 30, and from among them, one operation 
clock is selected in accordance with the enciphering rate 
that is externally set. 

In Fig. 21 is shown an example enciphering rate set- 
ting device 50, which comprises t clock generators 51 
and a selector 52. Each of the clock generators 51 , CK- 
qi. generates a clock signal q t . The clock signals q v 
q 2 , . . . and q ( that are generated by the clock generators 
51 are transmitted to the selector 52, and a subscriber 
that uses the communication terminal 60 selects one of 
the clock signals. The selector 52 is controlled by using 
a rate setting signal. 

The communication interface 40 is employed to 
transmit to, or receive from, a transfer path information 
that indicates an enciphering (deciphering) rate and en- 
ciphered text from the encipherer 30 



The cryptographic communication network em- 
ployed for this embodiment is shown in Fig. 4. In ad- 
vance, inherent and secret keys are employed in com- 
mon between subscribers of a network. A, B, C, . . . and 

5 N are network subscribers, and K AB , K AC , . . . are re- 
spectively a key that is used in common between sub- 
scribers A and B : a key that is used in common between 
subscribers A and C Joint ownership of a key can be 
accomplished by the manager of a network setting such 

10 a key in advance. Further, the joint ownership of a key 
can be provided by a well known system for establishing 
the joint ownership of a key, as is described in Tsujii and 
Kasahara, "Cryptography And Information Security", 
Shokosha Co., Ltd., pp. 72 and 73, and pp. 97 to 104, 

15 1990. 

For cryptographic communication from the sub- 
scriber A to the subscriber B, according to the present 
invention, the following procedures are performed. 

20 Preprocedures 1 for cryptographic communication 

1 . The sender A transmits information that indicates 
the processing rate for the encipherer 30 to the re- 
ceiver B via the communication interface 40. 

25 2. The receiver B receives from the sender A via the 
communication interface 40 the information that in- 
dicates the processing rate for the encipherer 30, 
confirms that the encipherer 30 of the communica- 
tion terminal 60 of the receiver B can handle infor- 

30 mation at the designated processing rate, and noti- 
fies the sender A via the communication interface 
40 that it is ready to begin cryptographic communi- 
cation. When it is difficult for the receiver B to handle 
information at the designated processing rate, the 

35 receiver B transmits a processing rate of which it is 
capable to the sender A via the communication in- 
terface 40. 

3. The above procedures are repeated until both 
subscribers agree on the processing rate for the en- 
40 cipherer 30. 

Although in the preprocedures 1, the sender has 
transmitted information that indicates the processing 
rate for the encipherer 30, it is possible for the receiver 
45 to specify the rate as follows. 

Preprocedures 2 for cryptographic communication 

1 . The receiver B transmits to the sender A via the 
50 communication interface 40 a request for informa- 
tion service, and information that indicates the 
processing rate for the encipherer 30. 

2. The sender A receives from the receiver B via the 
communication interface 40 the request for informa- 

55 tjon service and the information that indicates the 

processing rate for the encipherer 30, confirms that 
the encipherer 30 of the communication terminal 60 
of the sender A can handle information at the des- 
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ignated processing rate, and notifies the receiver B 
via the communication interface 40 that it is ready 
to begin cryptographic communication. When it is 
difficult for sender A to handle information at the 
designated processing rate, the sender A transmits 
a processing rate of which it is capable to the re- 
ceiver B via the communication interface 40. 
3. The above procedures are repeated until both 
subscribers agree on the processing rate for the en- 
cipherer 30. 

The above described procedures are very effective 
when the sender does not know the processing rate that 
can be set on the receiver's side, or when the receiver 
does not know the processing rate that can be set on 
the sender's side. When the sender knows the process- 
ing rate that can be set on the receiver's side, or when 
the receiver knows the processing rate that can be set 
on the sender's side, only procedure 1. need be per- 
formed to begin the next cryptographic communication. 

For a cryptographic communication network that 
employs a key co-ownership system wherein a sender 
and a receiver exchange a cryptographic key before 
commencing cryptographic communication, not only in- 
formation for owning a key in common but also informa- 
tion for a processing rate.can be used in common as a 
key co-ownership protocol In this case, only procedure 
1 . need be performed to start cryptographic communi- 
cation. 

An explanation will be given for the procedures for 
selecting a processing rate for the encipherer 30 at 
which enciphering (deciphering) will be performed be- 
tween the sender A and the receiver B. 

Enciphered data communication procedures (for sender 
A] 

1 . The processing rate is set in consonance with a 
rate setting signal to a value that is determined by 
employing the preprocedures. 

2. Secret key K AB , which is used in common with 
the receiver B, is set to the encipherer 30 in ad- 
vance. 

3. The data are enciphered by the encipherer 30, 
and the enciphered data are transmitted to the re- 
ceiver B via the communication interface 40. 



Enciphered data communication procedures (for 
receiver B) 



1 . The processing rate is set in consonance with a 
rate setting signal to a value that is determined by 
employing the preprocedures. 

2. Secret key K AB , which is used in common with 
the sender A, is set to the encipherer 30 in advance. 

3. The enciphered data are received from the send- 
er A across a transfer path via the communication 
interface 40, and are deciphered by the encipherer 



30. 

Through the above procedures, the enciphering 
rate can be selected with a high degree of freedom. 
s Even when the communication terminals 60 of the send- 
er and the receiver differ in their processing capabilities, 
they can be adjusted by performing procedures 1 and 
2, so that cryptographic communication is possible. 
Therefore, when, for example, enciphered real-time in- 
to formation is to be exchanged between the communica- 
tion terminals 60 of subscribers whose processing ca- 
pabilities differ, the communication quality is lowered 
and the quantity of information is reduced, and as a re- 
sult, cryptographic communication can be performed in 
is consonance with an enciphering rate for a communica- 
tion terminal having a low capability. 

The preprocedures 1 and 2 do not have to be per- 
formed for each communication exchange. For exam- 
ple, If the sender and the receiver agree to a specific 
20 processing speed in advance and perform communica- 
tion at that processing speed, the preprocedures 1 and 
2 are not required. 

Each subscriber of a cryptographic communication 
network may have the portable storage device 70 shown 
2S in Fig. 22 tor the storage of secret information, such as 
a user's key that is required for cryptographic commu- 
nication In the portable storage device 70 is stored se- 
cret information for each user that is required for cryp- 
tographic communication. Taking security into consider- 
30 ation, the portable storage device for each user is pro- 
vided separately from the communication terminal 60. 
Although the portable storage device 70 may be a part 
of the communication terminal 60, so long as a physi- 
cally secure area for each user is ensured, the use of 
35 the communication terminal 60 for cryptographic com- 
munication for each user is limited. It is better that the 
communication terminal 60 and the portable storage de- 
vice 70 is separately provided and that secret informa- 
tion for each user not be stored in the communication 
40 terminal 60. With this arrangement, which is convenient 
for users, whatever types of communication terminals 
60 users may use, the users can exchange secret infor- 
mation via their own portable storage devices 70 for 
cryptographic communication exchanges. 
45 The portable storage device 70 can exchange infor- 
mation with the communication terminal 60 across a 
safe communication path, and has a physically secure 
area as holding means 71. Only an authorized owner 
can correctly operate the portable storage device, and 
50 the procedure for verifying a password, etc., is per- 
formed to determine whether or not a user is an author- 
ized owner. An IC card, etc., is employed as the portable 
storage device 70. 

The portable storage device 70 can be employed in 
55 the following seventh through fourteenth embodiments. 
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Seventh Embodiment 

In this embodiment, a communication terminal 
shown in Fig. 23 is employed for cryptographic commu- 
nication. Because it is simple, DES cryptography is used 5 
as an enciphering system in this embodiment. Since 
DES cryptography is an algorithm by which the same 
process is repeated at 16 stages ; as was previously de- 
scribed, a single circuit can perform the repetitive proc- 
ess. If a circuit is fabricated by employing a one-stage to 
DES enciphering process as one processing unit (PE), 
an encipherer 30 described below can be provided for 
which the processing rate can be changed. 

In this embodiment, the DES enciphering circuit is 
fabricated by using a plurality of circuits, wherein a se- is 
lector is located at each PE input terminal, to provide 
the encipherer 30 for which the enciphering (decipher- 
ing) rate can be changed in consonance with a desired 
rate. An example encipherer 30, according to the 
present invention, for which the processing rate can be 20 
varied, is shown in Fig. 24. The encipherer 30 in Fig. 24 
comprises two PEs (operators) 31, PE3 and PE4, that 
are processors for one stage of DES enciphering; and 
two selectors 32, selector 3 and selector 4. The selec- 
tors 32 are controlled by a rate setting signal. 25 

When the encipherer 30 is to be operated at high 
speed, both PEs are used for enciphering. More specif- 
ically, when the operation is begun, the selector 3 se- 
lects signal 3a while the selector 4 selects signal 4b. 
Thereafter, the selector 3 selects signal 3b and the PE3 30 
and PE4 are used repeatedly, eight times each. 

When the encipherer 30 is to be operated at a low 
speed, only one PE (PE4) is used for enciphering. More 
specifically, when the operation is begun, the selector 4 
selects signal 4a. The selector 4 thereafter selects sig- 35 
nal 4c and the PE4 is used repeatedly, 16 times. The 
selector 3 and PE3 are not employed. In this case, the 
time required for DES enciphering is twice the time re- 
quired when two PEs are employed, and the processing 
rate is reduced by half. 40 

Further, when the encipherer 30 is to be operated 
at a low speed, the PE3 and PE4 use different keys to 
perform enciphering for different users. More specifical- 
ly, when the operation is begun, the selector 3 selects 
signal 3a white the selector 4 selects signal 4a. There- 45 
after, the selector 3 selects signal 3c while the selector 
4 selects signal 4c, and the PE3 and PE4 are used re- 
peatedly, 16 times each. At this time, if the keys for dif- 
ferent users are set by the PE3 and the PE4, enciphered 
text for different subscribers can be acquired. so 

That is, a plurality of such PEs are prepared to pro- 
vide the encipherer 30, and the processing route is de- 
termined in consonance with a requested processing 
rate, so that the encipherer 30 for which the processing 
rate can be varied can be obtained. Although two PEs 55 
were employed in Fig. 24 : the present invention does 
not limit the number of PEs that may be used. 

The communication interface 40 in the sixth embod- 



iment can also be used in this embodiment, and the 
cryptographic communication network shown in Fig. 4 
is used. 

The cryptographic communication from subscriber 
A to subscriber B is performed using the same proce- 
dures as those in the sixth embodiment, 

In this embodiment as well as in the sixth embodi- 
ment, even if the enciphering capabilities of the commu- 
nication terminals 60 of the sender and the receiver dif- 
fer, cryptographic communication can be performed. 

Eighth embodiment 

Because of its simpleness, the DES cryptography 
is also used as an enciphering system also in this em- 
bodiment. Cryptography communication is performed 
by using a communication terminal 60 shown in Fig. 23. 
In addition, an encipherer 30 shown in Fig. 25 is em- 
ployed that comprises: a PE 31 (PES) for performing a 
one-stage process for DES cryptography, and a selector 
32 (selector 5). The selector 32 is controlled by a rate 
setting signal. 

Cryptographic communication at high power for 
which the encipherer 30 is used is provided by perform- 
ing the enciphering process using the PES many times. 
More specifically, when operation is begun, the selector 
5 selects signal 5a, and thereafter selects signal 5b, and 
the PES is used repeatedly until a desired power is ob- 
tained. Since, for example, 16-stage DES enciphering 
is performed, the PE5 may be repeatedly used more 
than 16 times to increase the power relative to that of 
DES cryptography. It should be noted that the encipher- 
ing rate is reduced in inverse proportion to the count at 
which the PE5 is repeatedly used. 

Cryptographic communication at a low power for 
which the encipherer 30 is employed can be provided 
by performing the enciphering process using the PES at 
a reduced count. It should be noted that the enciphering 
rate is increased as the use count after the PES is re- 
duced. Since 16-stage processes are performed for 
DES cryptography, the PES can be repeatedly used few- 
er than 16 times to decrease the power relative to that 
of DES cryptography. 

In other words, the rate setting signal 5 for control- 
ling the selector 5 can be used to change the power of 
cryptography and its enciphering rate. 

Although one PE was used in Fig. 25, the number 
of PEs is not particularly limited. 

The communication interface 40 in the sixth embod- 
iment can also be used in this embodiment, and the 
cryptographic communication network shown in Fig. 4 
is used. 

The cryptographic communication from subscriber 
A to subscriber B is performed using the same proce- 
dures as those in the sixth embodiment. 

According to this embodiment, cryptographic com- 
munication can be so performed that the cryptographic 
power for the communication terminals 60 can be se- 
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lected by the sender and the receiver. 
Ninth Embodiment 

In this embodiment, a pseudo-random number gen- 
erator 10 is employed lor which a pseudo-random 
number generation rate can be set by a generation rate 
setting device. 

In this embodiment, as is shown in Fig. 26, the gen- 
eration rate for the pseudo-random number generator 
10 can be set by the pseudo-random number rate set- 
ting device 1 3. This can be performed in such a manner 
that a plurality of clocks with different frequencies are 
prepared to operate the pseudo-random number gener- 
ator 10, and from among them, one operation clock is 
selected in consonance with the pseudo-random 
number generation rate that is externally set. 

It should be noted that the generation rate setting 
device 13 shown in Fig. 21 is employed in this embodi- 
ment. 

The algorithm used for generation of a pseudo-ran- 
dom number sequence is not limited to the one that is 
employed in this embodiment, any algorithm can be 
used. An explanation will be given for a case wherein 
employed is an algorithm for generation of a pseudo- 
random number sequence that is secure from a calcu- 
lation amount, especially, an algorithm for generation of 
a square-type pseudo-random number sequence. 

A square-type pseudo-random number sequence is 
a sequence b v b 2 , . ., which is generated by using the 
following procedures. 

Square-type pseudo-random number sequence 

Supposing that p and q are prime numbers that sat- 
isfy p = q = 3 (mod 4) and N = p - q, a bit sequence, b-,, 
b 2 , . . which is acquired by initial value x 0 (where x is 
an integer 1 < x 0 < N-1 ) and the following reflexive rela- 
tions: 

x i+1 - x^mod N (i - 0, 1,2 ) (3) 

b i = isb^x^ (i = 1.2. . ..) (4), 

is called a square-type pseudo-random number se- 
quence. It should be noted that Isbj(xi) represents the 
lower j bits, and when the number of bits for modulo N 
is n, j = 0(log 2 n). 

The square-type pseudo-random number se- 
quence is one that is secure from a calculation amount 
on an assumption that the determination of a root re- 
mainder for N is difficult from the view of a calculation 
amount. 

In order to adequately secure the square-type pseu- 
do-random numbers, it is preferable that the bit count n 



for modulo N in the square expression (3) be approxi- 
mately 512. Secret keys (initial values for the pseudo- 
random number generator 54) K A , K B , .... which are 
employed in common between the subscribers, are 1 < 

5 K A , K B <N-1. 

The pseudo-random number generator 10 for gen- 
erating the square-type pseudo-random number se- 
quence is the same as is shown in Fig. 19. 

The encipherer 30 for which the processing rate can 

10 be set can be designed as is shown in Fig. 27 by using 
the above described pseudo-random number generator 
10. The enciphering system that is employed by enci- 
pherer 30 in this embodiment is a stream enciphering 
system. An encipherer 30 in Fig. 27 comprises a pseu- 

15 do-random number generator 10 and an exclusive OR 
circuit 33. 

To perform enciphering using the encipherer 30, an 
exclusive OR is performed with each bit in input plaintext 
and a pseudo-random number sequence that is gener- 

20 ated by the pseudo-random number generator 10 : and 
as a result : enciphered text is obtained For deciphering, 
an exclusive OR is performed with each bit in input en- 
ciphered text and a pseudo-random number sequence 
(the same as that used for enciphering) that is generated 

25 by the pseudo-random number generator 10, and as a 
result, plaintext is acquired. 

In this embodiment as well as in the previous em- 
bodiments, the communication terminal 60 that is shown 
in Fig. 20 is used for cryptographic communication. 

30 In this embodiment as in the sixth embodiment, 
even if the enciphering capabilities of the communica- 
tion terminals 60 of a sender and a receiver differ, the 
cryptographic communication can be performed. 

35 Tenth Embodiment 

In this embodiment, a pseudo-random number gen- 
erator 1 0 shown in Fig. 28 is employed for which the 
pseudo- random number generation rate can be set. 

40 The generation rate forthe pseudo-random number 
generator 10 in this embodiment can be set externally. 
To do this, the pseudo-random number generator 1 0 can 
be structured as is described in reference 3, Keiichi Iwa- 
mura, Tsutomu Matsumoto and Hidekt Imai, "Remainder 

45 Multiplication By Montogomery Method Appropriate For 
Power Remainder, And Cistric Array for Accomplishing 
It", Paper of electronics information and communication 
engineers (A), Vol. 76, No. 8, pp. 1214 to 1223, 1993. 
According to this method, the pseudo-random number 

so generator 1 0 can be provided by performing a repetitive 
process using an operator (processing element: PE) 
shown in Fig. 11 . and a circuit ranging from a small one 
(low-speed processing) to a large one (high-speed 
processing) can be provided in consonance with the 

55 number of PEs 1 4 that are employed. The PE 1 4 shown 
in Fig. 28, which is so structured as is shown in Fig. 29, 
comprises registers R1 , R2, . and R9; an adder 15; 
and a multiplier 16. 
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When the pseudo-random number generator 10 is 
so arranged in advance that a plurality of PEs are em- 
ployed to perform a repetitive process, the pseudo-ran- 
dom number generator 10 generates pseudo-random 
numbers at a high rate when all the PEs are operated, 
while it generates pseudo-random numbers at a low rate 
when only several PEs are operated. 

An example pseudo-random number generator 10, 
according to the present invention, for which the 
processing rate can be varied, is shown in Fig. 30. The 
pseudo-random number generator 10 in Fig. 30 com- 
prises two PEs 17, PE1 and PE2, which are described 
in the above reference; and two selectors 18, selector 
1 and selector 2. The selectors 18 are controlled by a 
rate setting signal. 

When the pseudo-random number generator 10 is 
to be operated at high speed, both PEs are used to gen- 
erate pseudo-random numbers. More specifically, when 
the operation is begun, the selector 1 selects signal la 
while the selector 2 selects signal 2b. Thereafter, the 
selector 1 selects signal 1b and the PE1 and PE2 are 
used repeatedly as many times as one are required for 
the square-type operation. 

When the pseudo-random number generator 10 is 
to be operated at a low speed, only one PE (PE2) is 
used to generate pseudo-random numbers. More spe- 
cifically, when the operation is begun, the selector 2 se- 
lects signal 2a. The selector 2 thereafter selects signal 
2c and the PE2 is used repeatedly as many times as 
are required for the square-type operation. The selector 
1 and PE1 are not employed. In this case, the time re- 
quired for the square-type operation is twice the time 
required when two PEs are employed, and the genera- 
tion rate is reduced by half. 

Further, when the pseudo-random number genera- 
tor 10 is to be operated at a low speed, the PE1 and 
PE2 use different keys to perform enciphering for differ- 
ent users. More specifically, when the operation is be- 
gun, the selector 1 selects signal la while the selector 2 
selects signal 2a. Thereafter, the selector 1 selects sig- 
nal Ic while the selector 2 selects signal 2c, and the PE1 
and PE2 are used repeatedly as many times as are re- 
quired for the square-type operation. At this time, if the 
keys for different users are set by the PE1 and the PE2, 
enciphered text for different subscribers can be ac- 
quired. 

That is, a plurality of such PEs are prepared to pro- 
vide the pseudo-random number generator 10, and the 
processing route is determined in consonance with a re- 
quested processing rate, so that the pseudo-random 
number generator 10 for which the processing rate can 
be varied can be obtained. Although two PEs were em- 
ployed in Fig. 30, the present invention does not limit 
the number of PEs that may be used. 

An encipherer that includes the pseudo-random 
number generator 10 of this embodiment is structured 
as is shown in Fig. 31 Further, in this embodiment, a 
communication terminal 60 shown in Fig 23 is used for 



cryptographic communication. 

The communication interface 40 in the sixth embod- 
iment can also be used in this embodiment, and the 
cryptographic communication network shown in Fig. 4 
5 is used. 

The cryptographic communication from subscriber 
A to subscriber B is performed using the same proce- 
dures as those in the ninth embodiment. 

In this embodiment, as well as in the sixth embodi- 
io ment, even if the enciphering capabilities of the commu- 
nication terminals 60 of the sender and the receiver dif- 
fer, cryptographic communication can be performed. 

Eleventh Embodiment 

15 

A pseudo-random number generator 10 tor which a 
pseudo-random number generation rate can be set is 
also employed in this embodiment. In the ninth and tenth 
embodiment, since a key that is employed in common 
20 between the subscribers is fixed, the initial value for the 
pseudo-random number generator 10 is a constant val- 
ue when a sender and a receiver are the same, and thus 
the same pseudo-random number sequence is gener- 
ated. 

25 in this embodiment, even if the sender and the re- 
ceiver are the same, the initial value of the pseudo-ran- 
dom number generator 10 is altered each time and the 
security is increased. 

In expressions (3) and (4) in the ninth embodiment 

30 that are the procedures for generating pseudo-random 
numbers, x^, which is sequentially updated by the 
feedback calculation, is called an internal variable of the 
pseudo-random number generator 10. 

The pseudo-random number generator 10 in this 

35 embodiment includes a processor 19a for performing 
feedback calculation of expression (3), and a processor 
19b for performing feedback calculation of expression 
(4), as is shown in Fig. 32, and reads the internal varia- 
ble that is updated by expression (3). The internal vari- 

40 able is stored in holding means 71 of a portable storage 
device 70, which is connected to a communication ter- 
minal 60 shown in Fig. 20 : for example. In the ninth and 
tenth embodiment, since the initial value is set to the 
pseudo-random number generator 10, movement of da- 

45 ta is unidirectional only. In this embodiment, however, 
the internal variable can be read from the pseudo-ran- 
dom number generator 10 in the reverse direction. A 
common key, which was used for the current information 
servicing, is then replaced by the interna! variable that 

so was read and that will be used as a common key for the 
next information servicing. 

Since the pseudo-random number 10 is replaced 
by that shown in Fig. 27 or 31, its processing rate can 
be varied, so that an encipherer 30 can be provided 

55 wherein the processing rate can be changed each time 
the initial value for the pseudo-random number genera- 
tor 10 is used. Further, the previously mentioned com- 
munication terminal 60 can be designed by using such 
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an encipherer 30. 

The cryptographic communication in this embodi- 
ment from subscriber A to subscriber B is performed us- 
ing the same procedures as are shown in the ninth em- 
bodiment. It should be noted that, for both sender and 
receiver, an additional cryptographic communication 
procedure is required at the last in which "an internal 
variable value of the pseudo-random number generator 
when deciphering of enciphered data is completed is se- 
cretly held, in the holding means of the portable storage 
device, as a new initial value for the next cryptographic 
communication with subscriber A (or B)." 

In this embodiment, as well as the sixth embodi- 
ment, even if the enciphering capabilities of the commu- 
nication terminals 60 of the sender and the receiver dif- 
fer, cryptographic communication can be performed. 

Twelfth Embodiment 

This embodiment shows an enciphering system 
wherein a pseudo-random number sequence that is 
generated by the pseudo-random number generator 10, 
for which the processing rate can be set as is explained 
in the ninth, tenth and eleventh embodiments, is em- 
ployed as a key series for the encipherer, for which the 
processing rate can be set as is explained in the sixth, 
seventh and eighth embodiments. This enciphering sys- 
tem differs from the conventional enciphering system 
(Yamamoto, Iwamura, Matsumoto and Imai: "Square- 
type pseudo-random number generator and practical 
enciphering system employing block encipher," Institute 
of electronic information and communication engineers, 
I SEC 93-29, 1993-08) in that the processing rates for 
the encipherer and the pseudo-random number gener- 
ator can be set. 

The enciphering system in this embodiment can be 
provided by an arbitrary combination of the pseudo-ran- 
dom number generator 10 in the seventh, tenth or elev- 
enth embodiment, for which the processing rate can be 
set, and the encipherer 30 in the sixth, seventh or eighth 
embodiment, for which the processing rate can be set. 

In this embodiment, an explanation will be given 
specifically for a case wherein a pseudo-random 
number sequence that is generated by the pseudo-ran- 
dom number generator 10 in the ninth embodiment, for 
which the processing rate can be set, is employed as a 
key series for the encipherer 30 in the sixth embodiment, 
for which the processing rate can be set. 

As is shown in Fig. 33, a communication terminal 
60 in this embodiment comprises: an encipherer 30, for 
performing enciphering (deciphering) according to an 
algorithm that is specified by a network; a pseudo-ran- 
dom number generator 10, for generating random num- 
bers, which are secure from a calculation amount, ac- 
cording to an algorithm that is specified by the network; 
a computing unit 20, for converting the pseudo-random 
numbers that are output by the pseudo-random number 
generator 10 into a key series for the encipherer 30; a 



communication interface 40; an enciphering rate setting 
device 50; and a generation rate setting device 13. 

The enciphering rate setting device 50 in this em- 
bodiment is shown in Fig. 21 . The processing rate for 

5 the encipherer 30 can be set externally by the encipher- 
ing rate setting device 50. 

The generation rate setting device 1 3 in this embod- 
iment is also shown in Fig. 21. The processing rate for 
the pseudo-random number generator 1 0 can be set ex- 

io ternally by the generation rate setting device 13. 

As is described in the related prior art, the comput- 
ing unit 20 converts a pseudo-random number se- 
quence that is output by the pseudo-random number 
generator 1 0 into a series of keys for the encipherer 30. 

f5 Therefore, the processing rate for the computing unit 20 
should be changed in proportion to the processing rate 
for the pseudo-random number generator 10. A clock 
signal that is selected by the generation rate setting de- 
vice 1 3 is also used to change the processing rate for 

20 the computing unit 20. 

Further, a selective combination of clocks for the en- 
ciphering rate setting device 50 and the generation rate 
setting device 1 3 permits further flexibility. 

The communication interface 40 in the sixth embod- 

2S iment is also used in this embodiment, and the crypto- 
graphic communication network in Fig. 21 is used for 
this embodiment. 

The cryptographic communication from subscriber 
A to subscriber B is performed using the following pro- 

30 cedures. 

An explanation for the preprocedures for crypto- 
graphic communication will not be given since they are 
the same as those in the sixth embodiment, with the ex- 
ception that instead of "information that indicates the 

35 processing rate for the encipherer 30", "information that 
indicates the processing rate for the encipherer 30 and 
the processing rate for the pseudo-random number gen- 
erator 10" is exchanged via the communication interface 
40. An explanation will now be given for the procedures 

40 used when a sender A and a receiver B agree on the 
enciphering (deciphering) rate for the encipherer 30 and 
the pseudo-random number generation rate. 

Enciphered data communication procedures (for sender 
45 A) 

1 . The processing rates for the encipherer 30 and 
the pseudo-random number generator 10 are set in 
consonance with rate setting signals to those that 

so are determined using the preprocedures. 

2. Secret key K AB , which is owned in common with 
the receiver B, is set as the initial value x 0 to the 
pseudo-random number generator 10. 

3. The pseudo-random number generator 10 is op- 
55 erated to generate a pseudo-random number se- 
quence that is secure from a calculation amount. 

4 The computing unit 20 converts the generated 
pseudo-random number sequence into a series of 
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keys for the encipherer 30. 

5. While the series of keys that is output by the com- 
puting unit 20 is updated as keys for the encipherer 
30, the encipherer 30 enciphers the data using the 
keys, and transmits the enciphered data to the re- 5 
ceiver B via the communication interface 40. 

Enciphered data communication procedures (for 
receiver B) 

10 

1. The processing rates for the encipherer 30 and 
the pseudo-random number generator 10 are set in 
consonance with rate setting signals to those that 
are determined through the preprocedures. 

2. Secret key K AB , which is owned in common with is 
the sender A, is set as the initial value Xq to the pseu- 
do-random number generator 10. 

3. The pseudo-random number generator 10 is op- 
erated to generate a pseudo-random number se- 
quence that is secure from a calculation amount. 20 

4. The computing unit 20 converts the generated 
pseudo-random number sequence into a series of 
keys for the encipherer 30. 

5. Enciphered data are received across a transfer 
path via the communication interface 40, and while 25 
the series of keys that is output by the computing 
unit 20 is updated as keys for the encipherer 30, the 
encipherer 30 deciphers the enciphered data re- 
ceived from the sender A. 



Through the above procedures, the trade-off of the 
security of cryptography can be selected with a high de- 
gree of freedom. When the pseudo-random number 
generator 10 is the one in the eleventh embodiment, for 
a sender and a receiver, a procedure in which "the in- 
ternal variable value of the pseudo-random number 
generator 10, when the deciphering of the enciphered 
data is completed, is secretly held, as an initial value for 
the next cryptographic communication with A (or B), in 
the holding means 71 of the portable storage device 70" 
is required as the last of the cryptographic communica- 
tion procedures. 

Even when the capabilities of the communication 
terminals 60 of the sender and the receiver differ, they 
can be adjusted at the preprocedures 1 and 2 and cryp- 
tographic communication can be performed. Therefore, 
the processing rate for the encipherer and the pseudo- 
random number generation rate can be selected in con- 
sonance with the secrecy of the data. For example, it is 
preferable that for very highly classified data the 
processing rate lor the encipherer 30 be almost the 
same as the generation rate for pseudo-random num- 
bers that are secure from a calculation amount. 

In the sender's procedure 4 and the receiver's pro- 
cedure 4, there is a method whereby from the beginning 
the obtained pseudo-random number sequence is divid- 
ed by the computing unit 20 into individual key bit 
lengths (56 bits each) for DES cryptography, and the di- 



vided bit sets are employed as keys for the DES cryp- 
tography. Another method, whereby the computing unit 
20 converts the pseudo-random number sequence into 
a series of keys for DES cryptography, may be employed 
so long as it is common to a sender and a receiver eve.n 
though it is not used in common by a cryptographic com- 
munication network. Although the modulo N in the 
square calculation is 512 bits, any other number of bits 
can be used. 

Although DES cryptography is employed in this em- 
bodiment, the cryptography is not limited to DES, and 
any other common-key cryptography, such as FEAL 
cryptography, can be used. In addition, although a single 
DES encipherer is used as the encipherer 30, a plurality 
of DES encipherers or a combination of a DES encipher- 
er and a FEAL encipherer can be employed. Further, 
although the square-type pseudo-random numbers are 
used as an algorithm for the generation of pseudo-ran- 
dom numbers that are secure for a calculation amount, 
another algorithm that is used to generate pseudo-ran- 
dom numbers that are secure from a calculation amount 
can be used. As is described in, for example, the above 
reference 2, an algorithm for which RSA cryptography, 
discrete logarithms, or reciprocal cryptography is em- 
ployed also can be applied as the algorithm of the 
present invention for generation of pseudo-random 
numbers. 

Thirteenth Embodiment 

30 

In the twelfth embodiment, an explanation was giv- 
en for the enciphering system provided by a combina- 
tion of the pseudo-random number generator 10 in the 
seventh, tenth and eleventh embodiments, for which the 
35 processing rate can be set, and the encipherer 30 in the 
sixth, seventh and eighth embodiments, for which the 
processing rate can be set. The present invention addi- 
tionally includes an enciphering system provided by a 
combination of the pseudo-random number generator 
40 1 o, as explained in the ninth, tenth and eleventh embod- 
iments and for which the processing rate can be set, and 
an encipherer 30 having a constant processing rate, and 
an enciphering system provided by a combination of the 
encipherer 30 in the sixth, seventh and eighth embodi- 
es ments and for which the processing rate can be set, and 
a pseudo-random number generator 10 having a con- 
stant processing rate. 

In this embodiment, an explanation will be given 
specifically for a case wherein a pseudo-random 
so number sequence, which is generated by the pseudo- 
random number generator 10 having a constant 
processing rate, is employed as a key series for the en- 
cipherer 30 in the sixth embodiment, for which the 
processing rate can be set. 
55 As is shown in Fig. 34, a communication terminal 

60 in this embodiment comprises: an encipherer 30, for 
performing enciphering (deciphering) according to an 
algorithm that is specified by a network; a pseudo-ran- 
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dom number generator 10, for generating random num- 
bers, which are secure from a calculation amount, ac- 
cording to an algorithm that is specified by the network; 
a computing unit 20, for converting the pseudo-random 
number that is output by the pseudo-random number $ 
generator 10 into a key series for the encipherer 30; a 
communication interface 40; an enciphering rate setting 
device 50; and a generation rate setting device 13. 

The enciphering rate setting device 50 in this em- 
bodiment is shown in Fig. 21. The processing rate for to 
the encipherer 30 can be set externally by the encipher- 
ing rate setting device 50. 

The communication interface 40 in the sixth embod- 
iment is also used in this embodiment, as is the crypto- 
graphic communication network in Fig. 21. Crypto- is 
graphic communication from subscriber A to subscriber 
B is performed using the same procedures as those in 
the twelfth embodiment, with the exception that instead 
of "information that indicates the processing rate for the 
encipherer 30 and the processing rate for the pseudo- 20 
random number generator 10," only "information that in- 
dicates the processing rate of the encipherer 30" is ex- 
changed via the communication interface 40. 

Fourteenth Embodiment 25 

Although in the twelfth embodiment, the encipher- 
ing rate setting device 50 and the generation rate setting 
device 1 3 in Fig 21 are independent devices, in this em- 
bodiment, as is shown in Fig 35, the two devices are 30 
integrally formed to provide a single rate setting device 
80. 

The rate setting device 80 in Fig. 35 comprises v 
clock generators 81 and a selector 82. Each of the clock 
generators 81, CK pi , generates a clock signal p v The 35 
clock signals p v p 2 , - . . and p v that are generated by 
the respective clock generators 81 are transmitted to the 
selector 82. The selector 82 transmits two output types: 
one is used as an operation clock for the encipherer 30, 
and the other is used as an operation clock for the pseu- 40 
do-random number generator 1 0 and the computing unit 
20. The selector 82 is controlled by a rate setting signal 
that is transmitted by a subscriber that operates the 
communication terminal 60, and the selector 82 inputs 
two of the three inputs. 45 

With the arrangement shown in Fig 35 ; the enci- 
phering rate setting device and the generation rate set- 
ling device can be integrally formed. 

As is described above, according to the embodi- 
ments, the enciphering rate and an encipher power are so 
changed between a sender and a receiver that perform 
cryptographic communication, and a new enciphering 
rate and encipher power are used in common by the 
sender and the receiver before the transmission of en- 
ciphered text. As a result, a tradeoff involving the secu- 55 
rity for cryptography and the processing rate can be se- 
lected, which is conventionally impossible, and crypto- 
graphic communication having a high degree of free- 



dom can be provided. In addition, even when the 
processing capability of the encipherer and pseudo-ran- 
dom number generator of the sender do not correspond 
to those of the receiver, cryptographic communication 
can be performed. 

Fifteenth Embodiment 

A fifteenth embodiment will now be described. 

In this embodiment, in the system in the above em- 
bodiment wherein the enciphering (or deciphering) rate 
can be varied, a fee for an information providing service 
is assessed in consonance with the set processing rate. 
The accounting method is changed in consonance with 
one, or more, of a process repetition count for encipher- 
ing, a pseudo-random number generation rate, and a 
process repetition count for generation of pseudo-ran- 
dom numbers, as is described in the above embodi- 
ments. 

A specific example for changing the accounting 
method in consonance with an enciphering rate will now 
be described. 

In this embodiment, an information providing center 
1 0 and users of an information providing service perform 
cryptographic communication by using a communica- 
tion terminal 20, as is shown in Fig. 36, that comprises 
an encipherer 21, for performing enciphering (decipher- 
ing) according to an algorithm that is specified by a net- 
work; a communication interface 22; and an enciphering 
rate setting device 23 

The enciphering rate for the encipherer 21 can be 
set by the enciphering rate setting device 23. A plurality 
of operation clocks having different frequencies are pre- 
pared for the encipherer 21 , and one of these operation 
clocks is selected in consonance with the external set- 
ting for the enciphering rate. 

In Fig. 37 is shown an example enciphering rate set- 
ting device 23, which comprises t clock generators 23a 
and a selector 23b. Each of the clock generators 23a, 
CKqi, generates a clock signal % The clock signals q,, 
q 2 , . . . and q t that are generated by the clock generators 
23a are transmitted to the selector 23b, and one of the 
input clock signals is selected by an information provid- 
ing server and a user, who each use the communication 
terminal 20. The selector 23b is controlled by using a 
rate setting signal. 

The communication interface 22 is employed to 
transmit to, or receive from, a transfer path information 
that indicates an enciphering (deciphering) rate, and 
transmission text that is enciphered by the encipherer 
21. 

The cryptographic communication network em- 
ployed for this embodiment, which is shown in Fig. 4, 
comprises the information providing center and users A, 
B, . . . and M. Inherent and secret keys K A , K B , . . . and 
K M are employed in common between the information 
providing center and the users The owning of a key in 
common can be accomplished by the information pro- 
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viding center setting the keys in advance, or by a well 
known system for the joint ownership of a key, as is de- 
scribed in Tsujii and Kasahara. "Cryptography And In- 
formation Security", Shokosha Co., Ltd., pp. 72 and 73, 
and pp. 97 to 104, 1990. 5 

The users A through M of the cryptographic com- 
munication network in Fig. 4 that performs the informa- 
tion providing service have a portable storage device 30 
shown in Fig. 22. A secret key, of the user that owns the 
portable storage device 30, that is required for crypto- 10 
graphic communication is stored in the portable storage 
device 30. If a user other than the owner knows the se- 
cret key secret communication is not performed and a 
reliable information providing service can not be provid- 
ed. Therefore, while taking security into consideration *5 
so as to restrict access to a secret key to an owner only, 
the portable storage device 30 is provided for each user 
in addition to the communication terminal 20. Although 
the portable storage device 30 may be part of the com- 
munication terminal 20, so long as a physically secure 20 
area can be ensured for each user, the communication 
terminal 20 that can be used for cryptographic commu- 
nication by each user is limited. It is better for the com- 
munication terminal 20 and the portable storage device 
30 to be separately provided and for secret information 25 
belonging to each user to be not stored in the commu- 
nication terminal 20. With this arrangement, which is 
convenient for a user, whatever type of communication 
terminal 20 a user may employ, the user can exchange 
secret information via his or her own portable storage 30 
device 30 for cryptographic communication. 

The portable storage device 30 can exchange infor- 
mation with the communication terminal 20 across a 
safe communication path, and as a physically secure 
area, has holding means 31 . Only an authorized owner 35 
can normally operate the portable storage device 30, 
and a procedure for the verification of a password, etc., 
is performed to determine whether or not a user is an 
authorized owner. An IC card, etc., is employed as the 
portable storage device 30. 40 

As is shown in Fig. 38, the information providing 
center 10 comprises at least each of the following com- 
ponents: the commun ication terminal 20; a database 1 1 , 
wherein information to be provided is stored; an ac- 
counting device 12, for calculating a charge in conso- 45 
nance with provided information and conditions for pro- 
viding information; and a storage device 1 3, wherein are 
stored the secret keys of all the users, who are required 
for cryptographic communication, and service fee infor- 
mation. In Fig. 37, a plurality of communication terminals so 
20 are provided to enable the simultaneous transmis- 
sion of information to a plurality of users. For a larger 
information providing system, more than one database 
1 1 , accounting device 1 2 and storage device 1 3 may be 
provided. 55 

In the database 11 that is designed as is shown in 
Fig 39 are stored information that is to be provided for 
users and corresponding charge information of provid- 



ing information service. Charges in the charge informa- 
tion are divided in consonance with an enciphering rate 
at which the information is enciphered for the service. 
When, for example, the enciphering rate can be set to 
V q1 ,V q2 , . . .or V qt by the enciphering rate setting device 
23, a fee for providing the information at enciphering rate 
V q1 is employed as a basic fee, and a fee for providing 
information at enciphering rate V q2 is M q2 times the ba- 
sic fee, . ... and a fee for providing information at enci- 
phering rate V qt is M qt times the basic fee. A name is 
given to information so that a user can specify the infor- 
mation desired. The above described database 11 can 
be easily designed by using a conventional database as 
a base. 

The storage device 1 3 that is designed as is shown 
in Fig. 40 has a key storage area, in which a secret key 
that is required for cryptographic communication is 
stored for each user who is a member of the information 
providing network; and a cumulative account total stor- 
age area, in which a cumulative account total of service 
fees assessed during a specific period. This period is 
called a service fee totalization period. The fee totaliza- 
tion period is specified as one month, for example. The 
information providing center 10 employs the cumulative 
account total for each user that is stored in the cumula- 
tive account total storage area to calculate an informa- 
tion providing service fee for each user during the fee 
totalization period, and charges the user the calculated 
fee. When a specific fee totalization period has expired, 
the service fee for each user during the period that it 
was stored in the cumulative account total storage area 
is shifted as backup information to another storage 
means, and a service fee for each user in the cumulative 
account total storage area is reset. 

The accounting device 1 2 is designed as is shown 
in Fig. 41 . For the information that is currently being pro- 
vided, the accounting device 1 2 assesses a fee in con- 
sonance with the enciphering rate that is employed for 
providing the information. The accounting device 1 2 can 
extract charge information from the database 11. The 
accounting device 12 adds a current information service 
fee to the cumulative account total, of a user to whom 
the information was provided, that is held in the storage 
device 1 3 in order to update the cumulative account to- 
tal, and writes the new cumulative account total for the 
user in the cumulative account total storage area in the 
storage device 1 3. 

The above described devices constitute the infor- 
mation providing network for this embodiment. 

The following procedures are performed for a case 
wherein the user A requests specific information from 
the information providing center 10 : the information pro- 
viding center 10 transmits the requested information to 
the user A and charges the user A a fee for the informa- 
tion providing service. It is assumed herein that the user 
A has received the information service from the infor- 
mation providing center 10 several times during a cur- 
rent service fee totalization period, and that the cumu- 
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lative charge for the user A for the current period, which 
is stored in the cumulative account total storage area in 
the storage device 1 3, is Charge A . Further, it is assumed 
that the name of the information for which the user A 
requests the service is info, and that a, basic charge (the 
charge for providing the information at the enciphering 
rate V ql ) for Info is UC, nfo . Further, it is assumed that 
the user A accepts enciphered rate V qj for providing Info. 
In addition, it is assumed that the information providing 
service fee at the enciphering rate V qi is M qi times the 
basic fee UC, nfo in consonance with the amount of in- 
formation and the enciphering rate. Furthermore, it is as- 
sumed that the user A knows the informatbn name Info 
and the basic charge UC, nfo in advance. In the following 
explanation, it is assumed that authorization of the au- 
thentic user A to use his or her own portable storage 
device 30 has been obtained, and that the portable stor- 
age device 30 is so set in the operating state that it can 
communicate with the communication terminal 20. In 
addition, it is assumed that authorization has been ob- 
tained for the user A, as an authentic subscriber to use 
the information providing center 1 0. The two authoriza- 
tions can be provided by a well known authorization 
technique. 

Information providing preprocedures 

1. The user A requests that the information provid- 
ing center 1 0 provide the service for Info, and at the 
same time, notifies it of a desired enciphering rate, 
V qj , for providing information. 

2. Upon the request from the user A that the service 
for Info be provided, the information providing cent- 
er 1 0 calculates a charge for the information provid- 
ing service by using the unit charge UC, nfo for Info 
and the information service fee at the enciphering 
rate V qi , which is M qi times the basic fee UC, nfo for 
Info, and transmits the obtained service fee infor- 
mation to the user A. 

3. If the user A agrees with the received service fee 
information for info, the user A requests that the in- 
formation providing center 10 provide the service 
for Info. If the user does not agree with the received 
service fee information, the user notifies the infor- 
mation providing center 10 to cancel the service for 
Info, and this procedure is thereafter terminated. 

The following procedures are employed when the 
user A requests that the information providing center 10 
provide the service for information Info. 

Information providing procedures (for information 
providing center) 

1 . According to a rate setting signal, the enciphering 
rate for the encipherer 21 is set to a rate that is de- 
termined by the preprocedures. 

2. The secret key K A , which is held in the key stor- 



age area for the user A in the storage device 1 3, is 
set to the encipherer 21 . 

3. Data are enciphered by the encipherer 21, and 
the enciphered data are transmitted to the user A 
via the communication interface 22. 

Information providing procedures (for user A) 

1 . According to a rate setting signal, the enciphering 
rate for the encipherer 21 is set to a rate that is de- 
termined by the preprocedures. 

2. The secret key K A> which is held in the portable 
storage device 30, is set to the encipherer 21 . 

3. The enciphered data are received from the infor- 
mation providing center 10 across the transfer path 
and via the communication interface 22, and are de- 
ciphered by the encipherer 21 . 

The accounting procedures will now be explained 
after the information providing center 10 has provided 
Info. 

Accounting procedures (for 
information providing center) 

1. The accounting device 12 extracts the basic 
charge information UC lnfo for Infofrom the database 
1 1 , and also extracts information that a charge for 
the information providing service at the enciphering 
rate V qj is M qj times the basic charge UC, nfo . 

2. The accounting device 1 2 calculates an informa- 
tion providing charge from the basic charge infor- 
mation UC, nfo and M qj . In this case, the charge is 
M qi X UC tnfo . 

3. The accounting device 1 2 adds the charge M qj x 
UC, nfo to the cumulative account total Charge A of 
the user A that is held in the storage device 13 to 
acquire a new cumulative account total, Charge A + 
M qi x UC| nfo , which is then written in the cumulative 
account total storage area for the user A in the stor- 
age device 1 3. It should be noted that the calcula- 
tion of the cumulative account total is not required 
when a charge is cleared off each time. 

Each lime the service fee totalization period has ex- 
pired, the information providing center 10 charges indi- 
vidual users the cumulative account total of fees for the 
users. Further, when the service fee totalization period 
is over, the service charge, for each user for the period, 
that is held in the cumulative account total storage area 
is moved as backup information to another storage 
means, and the service fee for each user in the cumu- 
lative account total storage area is reset. 

Through the above procedures, the enciphering 
rate can be selected with a high degree of freedom. 
When the capability of the communication terminal 20 
of a user is low, a low charge for the information provid- 
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ing service can be set. When a user has a communica- 
tion terminal 20 having a high capability and desires to 
use the high capability, a high charge for information 
providing service can be set. 

It is not necessary to perform 'Information providing 
preprocedures 1" for each communication. It is not re- 
quired when, for example, a sender and a receiver de- 
termine a processing rate in advance and perform cryp- 
tographic communication in consonance with the rate. 

Although in this embodiment, the accounting meth- 
od is changed in consonance with the enciphering rate, 
the accounting method can be changed in consonance 
with a pseudo-random number generation rate, etc. 

As is described, according to the above embodi- 
ments, the enciphering rate and the encipher power can 
be selected and the accounting procedures can be per- 
formed in consonance with a selected enciphering rate 
and encipher power. Asa result, security for enciphering 
information can be provided and a service charge for it, 
or an enciphering rate and a corresponding service 
charge, can be selected that conventionally are not tak- 
en into consideration, and thus a charging system for 
information providing service with a high degree of free- 
dom can be provided. 

An explanation will be given for the invention for se- 
lectively using one of a plurality of enciphering systems, 
and the sixteenth through twenty-third embodiments for 
changing an accounting method in consonance with a 
selected enciphering system. The sixteenth through 
twenty-third embodiments are based on the following 
view points. 

Sixteenth Embodiment: One enciphering system is 
selected from among a plurality of enciphering systems, 
and a charge for information providing service is calcu- 
lated in accordance with a selected enciphering system. 

Seventeenth Embodiment: An enciphering system 
is set for common-key cryptography and public-key 
cryptography, and a charge for information providing 
service is calculated in accordance with a set encipher- 
ing system. 

Eighteenth Embodiment: One enciphering system 
is selected from among a plurality of block enciphering 
systems, and a charge for information providing service 
is calculated in accordance with a selected enciphering 
system. 

Nineteenth Embodiment: A plurality of f functions 
are prepared for DES cryptography One of them is se- 
lected to set an enciphering system, and a charge for 
information providing service is calculated in accord- 
ance with a selected enciphering system. 

Twentieth Embodiment: One enciphering system is 
selected for block cryptography from among a plurality 
of operational modes, and a charge for information pro- 
viding service is calculated in accordance with a select- 
ed enciphering system. 

Twenty-first Embodiment: One enciphering system 
is selected from among a plurality of enciphering sys- 
tems "for performing enciphering white updating a key", 



and a charge for information providing service is calcu- 
lated in accordance with a selected enciphering system. 

Twenty-second Embodiment: Either an enciphering 
system lor performing enciphering using a fixed key* or 
5 an enciphering system for performing enciphering 
while updating a key" is selected for block cryptography, 
and a charge for providing information service is calcu- 
lated in accordance with a selected enciphering system. 
Twenty-third Embodiment: It is possible to read an 
io internal variable of a key generation and selection de- 
vice that employs an enciphering system "lor perform ing 
enciphering while updating a key" in the twenty-second 
embodiment. 

In one aspect of this invention information providing 
is service is provided between a sender and a receiver by 
using communication terminals that have selection 
means for selecting a specific enciphering system from 
among a plurality of enciphering systems, and that ac- 
counting means is included for calculating a charge for 
20 information providing service in accordance with an en- 
ciphering system that is set at the communication ter- 
minal. Therefore, by employing the above described 
communication terminal, an encipher power can be se- 
lected, and a charge for information providing service 
25 can be calculated in accordance with the security and a 
processing rate that are provided by the selected enci- 
phering system. 

The plurality of enciphering systems to be selected 
are not limited to the enciphering systems shown in the 
30 following embodiments. As is explained for the related 
art, there are many enciphering systems that are cur- 
rently proposed and not all the enciphering systems can 
be explained in the embodiments. An enciphering sys- 
tem made by combining a plurality of enciphering sys- 
35 terns is included as an enciphering system to be select- 
ed in the present invention. 

Sixteenth Embodiment 

40 (n this embodiment, cryptography communication is 
performed by using a communication terminal 10, 
shown in Fig. 42, that comprises a plurality of encipher- 
ing devices 11 for performing enciphering (and deci- 
phering); a communication interface 12; a key genera- 
ls tion and selection device 13; and selection means 14 
for selecting one of the outputs of the enciphering de- 
vices 11. 

The enciphering devices 11 employ different enci- 
phering systems, tn this embodiment, it is assumed that 
50 there are t types of enciphering systems: enciphering 
system 1, enciphering system 2, . . ., and enciphering 
system t. The processing for these enciphering systems 
is performed by the enciphering devices 11 : enciphering 
device 1 , enciphering device 2, . . . and enciphering de- 
55 vice t. Further, one of the enciphering devices 11 that is 
to be used can be selected by an enciphering method 
setting signal In the following explanation, an encipher- 
ing device 1 1 is called encipherer 1 . or t, as needed 
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The selection means 14 is controlled by an enci- 
phering method setting signal, and can select one of the 
enciphering devices 1 1 . When it is desired that a proc- 
ess for the enciphering system 1 be performed, the se- 
lection means 14 is so set by an enciphering method 5 
setting signal that it selects the output of encipherer 1 . 
Similarly, when a process for the enciphering system 2 
is to be performed, the selection means 14 is so con- 
trolled by an enciphering method setting signal that it 
selects the output of encipherer 2. to 

The communication interface 12 is employed to 
transmit to, or receive from, a transfer path information 
that designates an enciphering system and transmis- 
sion text that is enciphered by the enciphering device 1 1 . 

Since generally the length of a key differs for each ts 
enciphering system, the key generation and selection 
device 1 3 is also provided as means for generating or 
selecting a key that corresponds to an enciphering sys- 
tem, which is selected by an enciphering method setting 
signal. The key generation and selection device 1 3 gen- 20 
e rates, from a single key that has a specific length, a 
key that corresponds to a selected enciphering system. 
Or, the key generation and selection device 13 pre- 
pares, in advance, corresponding keys in a number 
equivalent to the number of enciphering systems that 25 
can be realized by the enciphering devices 11 , and se- 
lects a key from among them that corresponds to a se- 
lected enciphering system. 

In Fig 43 is an example key generation and selec- 
tion device 1 3 The key generation and selection device 30 
1 3 generates a key according to the following algorithm. 
One key, which has a specific length, that is input to the 
key generation and selection device 13 is employed as 
an initial value (x 0 ) according to the following algorithm. 

35 

x i+1 =f(x i )(i = 0, 1,...) (1) 



b i+1 = g(x k1 )(i = 0, 1,...) (2). 40 

As is shown in Fig. 43, the key generation and se- 
lection device 13 comprises a processor 13a for per- 
forming feedback calculation using expression (1); a 
processor 1 3b for calculating expression (2); and a com- 45 
puting unit 1 3c for converting into a key an output having 
a length, which is provided by the processor for calcu- 
lating expression (2), that is required for a key that cor- 
responds to an enciphering system selected by an en- 
ciphering method setting signal. 50 

The computing unit 13c converts b-,, b 2 , . . . and bj, 
which are output by the processor 13b for calculating 
expression (2), into keys having lengths that correspond 
to an enciphering system that is selected by an enci- 
phering method setting signal. A key is a series of bits 55 
having a length that is specified by the algorithm of the 
selected enciphering system. The series of bits is gen- 



erated in such a manner that the computing unit 1 3c ar- 
ranges b-,, b 2; . . and b x in ascending order, or rearrang- 
es them. 

The operation of the key generation and selection 
device 1 3 is as follows: 

1 . Initial value x 0 is input to the key generation and 
selection device 13. 

2. x-|, x 2 . - . .. Xj are generated by expression (2). 

3. The generated x 1 , x 2 , . . . , x ( are substituted into 
expression (2), and b v b 2 , - . b { are obtained and 
are output. 

4. The computing unit 13c outputs b 1f b 2 , . . and 
bj as keys that correspond to an enciphering system 
that is selected by an enciphering method setting 
signal. 

For the key generation and selection device 1 3, how 
many times calculations for expressions (1) and (2) 
should be performed is designated by an enciphering 
method setting signal, and the length of a key to be out- 
put is controlled by the computing unit 1 3c. The key gen- 
eration and selection device generates a key having a 
length that corresponds to an enciphering system that 
is selected by an enciphering method setting signal. 

The key generation and selection device 1 3 can be 
designed as is shown in Fig. 44. The key generation and 
selection device 13 in Fig. 44 comprises t keys, k-,, 
k 2 , . . . and k t , and key selection means 13d. The keys 
k n , k 2 , . . . and k t are input to the key selection means 
13d, and one of them is selected by an enciphering 
method setting signal. In this manner, a key is selected, 
which has a length that corresponds to an enciphering 
system that is selected by an enciphering method set- 
ting signal. 

In this embodiment, the key generation and selec- 
tion device 1 3 in Fig. 43 is employed, which generates 
from a key having a specific length a key that corre- 
sponds to a selected enciphering system. 

A cryptographic communication network employed 
for this embodiment is shown in Fig. 4, which comprises 
the information providing center and users A ; B, . . . and 
M. Inherent and secret keys K A , K B . . . and K M are em- 
ployed in common between the information providing 
center 10 and the users. 

The ownership of a key in common can be achieved 
by the information providing center 1 0 setting the keys 
in advance, or by a well known system for the joint own- 
ership of a key, as is described in Tsujii and Ka Sahara, 
"Cryptography And Information Security", Shokosha 
Co., Ltd., pp. 72 and 73, and pp. 97 to 104, 1990. 

The users A through M of the cryptographic com- 
munication network that performs information providing 
service have a portable storage device shown in Fig. 22 
that is described in the previously mentioned embodi- 
ments. A secret key, belonging to the user that owns the 
portable storage device 30, that is required for crypto- 
graphic communication is stored in the portable storage 
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device 30. If a user other than the owner knows the se- 
cret key, secret communication can not be performed 
and a reliable information providing service can not be 
achieved. Therefore, taking security into consideration 
so as to Jimit the access to secret keys and release them s 
only to owners, one of the portable storage devices 30 
is provided for each user in addition to a communication 
terminal 10. Although the portable storage device 30 
may be part of the communication terminal 10 so long 
as a physically secure area can be ensured for each us- 
er, the communication terminal 10 that can be used for 
cryptographic communication by each user is limited. It 
is better that the communication terminal 10 and the 
portable storage device 30 be separately provided and 
that secret information for each user not be stored in the 
communication terminal 10. With this arrangement, 
which is convenient for a user, whatever type of com- 
munication terminal 10a user may employ, the user can 
exchange secret information via his or her own portable 
storage device 30 for cryptographic communication. 

The portable storage device 30 can exchange infor- 
mation with the communication terminal 10 across a 
safe communication path, and has a physically secure 
area as holding means 30a. Only an authorized owner 
can normally operate the portable storage device 30, 
and the procedure for verifying a password, etc., is per- 
formed to determine whether or not a user is an author- 
ized owner. An IC card, etc., is employed as the portable 
storage device 30 

In Fig. 45 is shown the arrangement of an informa- 
tion providing center 40. The information providing cent- 
er 40 comprises at least each of the following compo- 
nents: a communication terminal 10; a database 41 
wherein information to be provided is stored; an ac- 
counting device 42 for accounting a charge in conso- 
nance with provided information and conditions for in- 
formation providing; and a storage device 43 wherein 
are stored the secret keys of all the users, which are 
required for cryptographic communication, and service 
fee information. In Fig. 45, a plurality of communication 
terminals 10 are provided to enable the simultaneous 
transmission of information to a plurality of users. For a 
larger information providing system, more than one da- 
tabase 41 , accounting device 42 and storage device 43 
may be provided. 

in the database 41 that is designed as is shown in 
Fig. 46 are stored information that is to be provided for 
users and corresponding charge information for provid- 
ing information service. Charges in the charge informa- 
tion are divided in consonance with an enciphering rate 
at which the information is enciphered for the service. 
When, for example, the enciphering system can be set 
to C 1 , C 2 , ... or C t by the enciphering method setting 
signal, a charge is set accordingly, with a fee for provid- 
ing information i using the enciphering system Cj being 
set to P ; |. The above described database 41 can be eas- 
ily designed by using a conventional database as a 
base 



When a charge is to be calculated while taking the 
communication time required for information providing 
service into consideration, P s j is set as an information 
providing service charge for a unit of communication 
time. The number of units of communication time re- 
quired for providing information providing service is cal- 
culated. The information providing service charge for 
the communication time unit is multiplied by an obtained 
value, and the resultant value is assessed as an infor- 
mation providing service lee. 

The storage device 43 that is designed as is shown 
in Fig. 47 has a key storage area, in which a secret key 
that is required for cryptographic communication is 
stored for each user who is a member of the information 
providing network, and a cumulative account total stor- 
age area, in which a cumulative account total of service 
fees assessed during a specific period is stored. This 
period is called a service fee totalization period. The fee 
totalization period is specified as one month, for exam- 
ple. The information providing center 40 employs the cu- 
mulative account total for each user that is stored in the 
cumulative account total storage area to calculate a fee 
for each user for information providing service during the 
fee totalization period, and charges the user the calcu- 
lated fee. When a specific fee totalization period has ex- 
pired, the service fee for each user during the period 
that was stored in the cumulative account total storage 
area is shifted as backup information to another storage 
means, and a service fee for each user in the cumulative 
account total storage area is reset. It should be noted 
that the cumulative account total storage area is not nec- 
essary when a charge is cleared off each time informa- 
tion is provided. 

The accounting device 42 is designed as is shown 
in Fig. 48. For information that is currently being provid- 
ed, the accounting device 42 assesses a fee in conso- 
nance with the enciphering system that is employed for 
providing the information. The accounting device 42 can 
extract charge information from the database 41. The 
accounting device 42 adds a current information service 
fee to the cumulative account total, of a user to whom 
the information is provided, that is held in the storage 
device 43 to update a cumulative account total, and 
writes the new cumulative account total in the cumula- 
tive account total storage area for the user in the storage 
device 43. It should be noted that when a charge is 
cleared off each time information is provided, it is not 
necessary to calculate a cumulative account total and 
write it in a storage area. 

The above described devices constitute the infor- 
mation providing network for this embodiment. 

The following procedures are performed for a case 
wherein the user A requests specific information from 
the information providing center 40, the information pro- 
viding center 40 transmits the requested information to 
the user A and charges the user A a fee for the informa- 
tion providing service. 

It is assumed herein that the user A has received 
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the information service from the information providing 
center 40 several times during a current service fee to- 
talization period, and that the cumulative charge for the 
user A for the current period, which is stored in the cu- 
mulative account total storage area in the storage de- $ 
vice 43, is Charge A . Further, it is assumed that the name 
of the information for which the user A requests the serv- 
ice is Info. Further, it is assumed that the user A desires 
enciphered system Cj be used for providing Info, in ad- 
dition, it is assumed that the information providing serv- 10 
ice fee for enciphering system Cj is P lnfo j, in accordance 
with the amount of information and an enciphering rate. 
Furthermore, it is assumed that the user A knows the 
information name Info and the basic charge P| n f 0 j in ad- 
vance. 

In the following explanation, it is assumed that au- 
thorization tor the authentic user A has been provided 
by his or her own portable storage device 30 and that 
the portable storage device 30 is so set in the operating 
state that it can communicate with the communication 
terminal 10. In addition, it is assumed that authorization 
for the user A as an authentic subscriber has been pro- 
vided by the information providing center 40. The two 
authorizations can be provided by a well known author- 
ization technique. 

Information providing preprocedures 

1. The user A requests that the information provid- 
ing center 40 provide the service for Info, and at the 
same time, notifies it of a desired enciphering sys- 
tem, Cj, for providing information. 

2. Upon the request from the user A for the service 
for Info, the information providing center 40 trans- 
mits to the user A the charge P, nfo j for information 
providing service using enciphering system Cj. 

3. If the user A agrees with the received information 
service fee for Info, the user A requests the infor- 
mation providing center 40 to provide Info. If the us- 
er does not agree with the received information 
service fee, the user notifies the information provid- 
ing center 40 to cancel the service for Info, and this 
procedure is thereafter terminated. 

The following procedures are employed when the 
user A requests the information providing center 40 for 
the service for information Info. 



tion device 13. A key is generated that corresponds 
to the enciphering system that is selected according 
to the enciphering method setting signal. The gen- 
erated key is set in the enciphering device 11 . 
3. The enciphering device 11 enciphers data, the 
selection means 14 selects enciphered text that is 
output by the enciphering device 11 , which is deter- 
mined by the preprocedures, and transmits the se- 
lected enciphered text to the user A via the commu- 
nication interface 12. 

Information providing procedures (for user A) 

1 . The selection means 14 is so set by an encipher- 
ing method setting signal that it selects the output 
of the enciphering system that is determined by the 
preprocedures. 

2. The secret key K A , which is held in the portable 
storage device 30, is set as an initial value to the 
key generation and selection device 13, which in 
turn generates a key that corresponds to an enci- 
phering system that is selected by an enciphering 
method setting signal. The generated key is set to 
the enciphering device 11 . 

3. The enciphered data are received from the infor- 
mation providing center 40 across a transfer path 
via the communication interface 12, and are deci- 
phered by the enciphering device 11 . The selection 
means 14 receives plaintext that is output by the 
enciphering device 11 , which is determined by the 
preprocedures. 

The key generation and selection device in Fig. 44 
can be used. In this case, the key shown in Fig. 4 is a 
series of a plurality of keys. In other words, key K A , 
which is owned in common by the information providing 
center 40 and the user A, is constituted by key K A1 for 
enciphering system 1, for enciphering system 
2 and K At for enciphering system t. 

The information providing service from the informa- 
tion providing center 40 to the user A in this embodiment 
is performed according to the following procedures. As 
the preprocedures are the same as those described 
above, no explanation for them will be given. 

Information providing procedures (for information 
providing center) 

1 . The selection means 14 is so set by an encipher- 
ing method setting signal that it selects the output 
of an enciphering system that is determined by the 
preprocedures. 

2. The secret key K A (consisting of K A1 , K A2 , . . . and 
K Al ), which is held for the user A in the key storage 
area in the storage device 43, is set to the key gen- 
eration and selection device 13. A key is selected 
that corresponds to the enciphering system that is 
selected from among the plurality of keys K A1 , 



Information providing procedures (for information 
providing center) 

1 . The selection means 1 4 is so set by an encipher- 
ing method setting signal that it selects the output 
of an enciphering system that is determined by the 
preprocedures. 

2. The secret key K A , which is held for the user A in 
the key storage area in the storage device 43, is set 
as an initial value to the key generation and selec- 
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. . . and K AI according to the enciphering meth- 
od setting signal. The generated key is set in the 
enciphering device 11. 

3. The enciphering device 11 enciphers data, the 
selection means 14 selects enciphered text that is 
output from the enciphering device 11 , which is de- 
termined by the preprocedures, and transmits the 
selected enciphered text to the user A via the com- 
munication interface 12. 

Information providing procedures (for user A) 

1 . The selection means 1 4 is so set by an encipher- 
ing method setting signal that it selects the output 
of the enciphering system that is determined by the 
preprocedures. 

2. The secret key K A (consisting of K A1 , K^, . . . and 
K At ), which is held in the portable storage device 30, 
is set to the key generation and selection device 1 3. 
From among the plurality of keys K A1 , K^, . . . and 
K At , the key generation and selection device 1 3 se- 
lects a key that corresponds to an enciphering sys- 
tem that is selected by an enciphering method set- 
ting signal. The generated key is set tothe encipher- 
ing device 11. 

3. The enciphered data are received from the infor- 
mation providing center 40 across a transfer path 
via the communication interface 12, and are deci- 
phered by the enciphering device 11 . The selection 
means 14 receives plaintext that is output by the 
enciphering device 11, which is determined by the 
preprocedures. 

The accounting procedures will now be explained 
for after the information providing center 40 has provid- 
ed Info. This accounting procedures have the key gen- 
eration and selection device 13 in common with Figs. 
43 and 44. 

Accounting procedures 



pired, the information providing center 40 charges each 
individual user the cumulative account total of fees as- 
sessed for the user. Further, when the service fee total- 
ization period has expired, the service charge, for each 

5 user for the period, that is held in the cumulative account 
total storage area is moved as backup information to an- 
other storage means, and the service fee for each user 
in the cumulative account total storage area is reset. 
Through the above procedures, the enciphering 

70 system can be selected with a high degree of freedom. 
When an enciphering system is to be selected wherein 
the security is high but a load imposed for enciphering 
is great, a charge for the information providing service 
can be set high. When an enciphering system is to be 
selected wherein the security is low but an imposed load 
for enciphering is small, a charge for the information pro- 
viding service can be set low. 

In other words, in this embodiment, between the in- 
formation providing center 40 and a user, cryptographic 

20 communication can be performed for which the encipher 
power of the communication terminal 10 and the infor- 
mation providing service charge can be selected. 

It is not necessary to perform the [Information pro- 
viding preprocedures of the present invention] for each 

25 communication. It is not required, for example, when the 
information providing center 40 and a user determine 
an enciphering system in advance and perform crypto- 
graphic communication in consonance with the system. 

30 Seventeenth Embodiment 

In this embodiment, a communication terminal 10 
shown in Fig. 49 is employed, which comprises a plu- 
rality of encipherers, 1 5 and 16, for performing encipher- 
35 ing (and deciphering); a communication interface 12; a 
key generation and selection device 13; and selection 
means for selecting one of the outputs of the encipher- 
ers 15 and 16. 

Two enciphering systems are employed in this em- 
40 bodiment: 



1. The accounting device 42 extracts from the da- 
tabase 41 information that a charge for providing 
Info with enciphering system Cj is P lnfo j. 

2. The accounting device 42 calculates an informa- 45 
tion providing charge. In this case, the charge is P, n . 

for 

3. The accounting device 42 adds the charge P lnfo 
to the cumulative account total Charge A of the user 

A, which is held in the storage device 43, to acquire 50 
a new cumulative account total, Charge A P [nfo j, 
which is then written for the user A in the cumulative 
account total storage area in the storage device 43. 
It should be noted that the calculation of the cumu- 
lative account total is not required when a charge is 55 
cleared off each time. 

Each time the service fee totalization period has ex- 



1. DES enciphering system (or FEAL enciphering 
system) as a specific common-key enciphering sys- 
tem; 

2. RSA enciphering system (or EIGamal encipher- 
ing system) as a specific public-key enciphering 
system. The DES enciphering device (or the FEAL 
enciphering device) 15 and the RSA enciphering 
device (or the EIGamal enciphering device) 16 ac- 
complish the process of the embodiment. The DES 
enciphering system, the FEAL enciphering system, 
the RAS enciphering system, and the EIGamal en- 
ciphering system are introduced merely as specific 
examples for common-key enciphering or public- 
key enciphering, and the present invention is not 
limited to these and can be applied for other cryp- 
tographic algorithms 
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When the communication terminal 10 in Fig. 49 is 
employed by the DES enciphering system, the selection 
means selects the output from the DES enciphering de- 
vice 15. When the communication terminal 10 is em- 
ployed by the RAS enciphering system, the selection 
means 14 selects the output from the RSA enciphering 
device 16. 

The key generation and selection device 13, the 
communication interlace 12 and the selection means 14 
in this embodiment are the same as those in the six- 
teenth embodiment. It should be noted that the key gen- 
eration and selection device 1 3 in Fig. 44 is employed 
to select a key that corresponds to an enciphering sys- 
tem, which is selected by an enciphering method setting 
signal. More specifically, when the DES enciphering 
system is selected, a key that is distributed in advance 
for DES enciphering is selected. When the RSA enci- 
phering system is selected, a public key for RSA enci- 
phering is selected. 

Further, a cryptographic communication network 
shown in Fig. 50 is employed for this embodiment- A 
common-key and public -key cryptographic communica- 
tion network in Fig. 50 is provided by adding a public- 
key cryptographic communication network in Fig. 51 to 
the common-key cryptographic communication network 
in Fig. 4. For information providing service, since only 
an information providing center 40 performs encipher- 
ing, the information providing center 40 holds the public 
keys of individual subscribers in a database 41 

In the cryptographic communication network shown 
in Fig. 50, each subscriber secretly holds a secret key, 
which corresponds to his or her public key, and a key 
that is owned in common with the information providing 
center 40. In Fig. 50, public keys of users A, B, . . and 
M are denoted by KP A , Kp b , ... and KP M , and their secret 

keys are denoted by K S A , K S B ,. . . and K S M . K A , K B 

and K M indicate respectively a common key that is used 
in common by the information providing center 40 and 
user A, a common key that is used in common by the 
information providing center 40 and user B, . . ., and a 
common key that is used in common by the information 
providing center 40 and user M. Therefore, user j se- 
cretly holds his or her own secret key K s j and common 
key Kj along with the information providing center 40. 

Information providing service from the information 
providing center 40 to the user A is performed using the 
following procedures. The preprocedures and the ac- 
counting procedures are the same as Ihose in the six- 
teenth embodiment. 



Information providing procedures (for information 
providing center) 



which is held for the user A in the key storage area 
of the storage device 43, is selected as a key that 
corresponds to the selected enciphering system, 
jhe selected key is set to the enciphering device 1 5 

5 or 16. 

3. The encipherer 15 or 16 enciphers data, the se- 
lection means 14 selects enciphered text that is out- 
put by the enciphering device, which is determined 
by the preprocedures, and transmits the selected 

70 enciphered text to the user A via the communication 
interface 12. 

Information providing procedures (for user A) 

is 1 . The selection means 1 4 is so set by an encipher- 
ing method setting signal that it selects the output 
of the enciphering system that is determined by the 
preprocedures. 

2. According to an enciphering method setting sig- 
20 nal, either common key K A or secret key K S A , which 
is held in the portable storage device 30, is selected 
as a key that corresponds to the selected encipher- 
ing system. The selected key is set to the encipher- 
ing device 15 or 16. 
2S 3. The enciphered data are received from the infor- 
mation providing center 40 across a transfer path 
via the communication interface 1 2, and are deci- 
phered by the enciphering device 15 or 16. The se- 
lection means 14 receives plaintext that is output by 
30 the enciphering device 15 or 16, which is deter- 
mined by the preprocedures. 

Through the above procedures, an enciphering sys- 
tem can be selected in consonance with the secrecy of 

35 the information that is to be provided. For especially se- 
cret data, a public-key enciphering system can be se- 
lected. For data having a low secrecy level, common- 
key enciphering can be selected to simplify the process- 
ing. Therefore, an accounting system for information 

40 providing service that is consonant with a selected en- 
ciphering system can be provided. 

Eighteenth Embodiment 

45 in this embodiment are employed a communication 
terminal 10 shown in Fig. 52, which comprises a plurality 
of encipherers 17 and 18, for performing enciphering 
(and deciphering); a communication interface 12; a key 
generation and selection device 13; and selection 

so means for selecting one of the outputs of the encipher- 
ers 17 and 18. 

Two block enciphering systems are employed in 
this embodiments: 



1 . The selection means 1 4 is so set by an encipher- 
ing method setting signal that it selects the output 
of an enciphering system that is determined by the 
preprocedures. 

2. Either a common key K A or a public key KP A , 



55 1. A DES enciphering system 
2. An RSA enciphering system 

The DES enciphering device 1 7 and the FEAL encipher- 
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ing device 18 perform the enciphering process for the 
embodiment. The DES enciphering system and the FE- 
AL enciphering system are introduced merely as specif- 
ic common-key enciphering examples; and the present 
invention is not limited to these and can be applied for 
other cryptographic algorithms. 

When the communication terminal 10 in Fig. 52 is 
employed for the DES enciphering process, the selec- 
tion means always selects the output from the DES en- 
ciphering device 1 7. When the communication terminal 
10 is employed for the FEAL enciphering process, the 
selection means 14 always selects the output from the 
FEAL enciphering device 18. 

The key generation and selection device 13, the 
communication interface 12, and the selectbn means 
1 4 in this embodiment are the same as those in the six- 
teenth embodiment. The cryptographic communication 
network in Fig. 4 is employed for this embodiment. 

The procedures for communication between an in- 
formation providing center 40 and a user A, and the ac- 
counting procedures in this embodiment are performed 
in the same manner as are described in the sixteenth 
embodiment. 

Nineteenth Embodiment 



In this embodiment are employed a communication 
terminal 10 shown in Fig. 53, which comprises a enci- 
phering device 19 for performing enciphering (and de- 
ciphering); a communication interface 12; and a key 
generation and selection device 13. The selection 
means 14 employed in the above described embodi- 
ments is included in the enciphering device in this em- 
bodiment. In this embodiment, a DES (involution) enci- 
phering system is employed. A plurality of f functions 
that are included as components are prepared, and a 
plurality of enciphering systems can be set by selecting 
a specific f function. 

Since the DES enciphering system is an algorithm 
for repeating the same process, a single circuit can per- 
form the repeated process. If a circuit is constructed with 
a one-stage process for DES enciphering as one 
processing unit, the circuit is used repeatedly to perform 
an enciphering process. 

An enciphering device 1 9 in this case is designed 
as is shown in Fig. 54. The enciphering device 1 9 in Fig. 
54 comprises registers 19a and 19b; an exclusive OR 
circuit 19c; a plurality of f functions (f 1 , f 2 , . . and f t ); and 
selection means 1 9d for selecting one of the plurality of 
f functions. The selection means 1 9d is controlled by an 
enciphering method setting signal. 

A plurality of f functions can be provided by prepar- 
ing Sbox sets in a count equivalent to that of the f func- 
tions. For f function t, , Sbox set S 11 , S 12 , . . , and S 18 is 
employed; for f function f 2 , Sbox set of S 21 , S^, ... and 
S 26 is employed; and so on. The f functions for different 
enciphering systems may be prepared. In this case, for 
function f-,, an f function for DES enciphering is used; 



for function f 2 , an f function for FEAL enciphering is 
used; ... and so on. 

A key generation and selection device 1 3 and com- 
munication interface 12 are the same as those in the 
5 sixth embodiment, and the cryptographic communica- 
tion network in Fig. 4 is employed. 

In this embodiment, the procedures for communi- 
cation between an information providing center 40 and 
a user, and the accounting procedures are performed in 
io the same manner as described in the sixteenth embod- 
iment. 

Twentieth Embodiment 

is a communication terminal 10 employed in this em- 
bodiment has the same structure as the communication 
terminal 10 shown in Fig. 53. It should be noted that an 
enciphering device 20 is employed instead of an enci- 
phering device 19. Selection means is included in the 

20 enciphering device 20 in this embodiment. Since the bit 
length of a key is not changed by an enciphering system, 
a key generation and selection device 1 3 is not always 
necessary. 

A block enciphering system is employed as an en- 
25 ciphering system for this embodiment. Further, one of 
the following modes in which the block enciphering sys- 
tem is employed can be set by an enciphering method 
setting signal: 

30 1 . An ECB (Electric Codebook) mode 

2. A CBC (Cipher Block Chaining) mode 

The CBC mode, though it will be described later, will 
be briefly explained. When plaintext is denoted by M ; ; 
35 enciphered text, C v initial value, IV; enciphering using 
cryptographic key K, E K ; and deciphering using crypto- 
graphic key K, D K , the CBC mode is represented by the 
following expressions: 



40 



45 



50 



(3) 



C. = E K (hA l + C i _,)(\ = 2,3,...) (4) 
M 1 ^(C^ + IV (5) 



M. = D K (C i ) + C M )(i = 2 I 3,...) 



(6) 



The enciphering device 20 in this embodiment is ar- 
ranged as shown in Fig. 55. The enciphering device 20 
55 in Fig. 55 comprises a block encipherer 20a: selection 
means 20b, for selecting one of two inputs; and an ex- 
clusive OR circuit 20c, for performing an exclusive OR 
operation for each bit. The selection means 20b is con- 
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trolled by an enciphering method setting signal. 

When the enciphering device 20 in Fig. 55 is em- 
ployed in the ECB mode, a series of 0 bits is used as an 
input initial value IV. The selection means 20b always 
selects the initial value IV. 

When the enciphering device 20 is employed in the 
CBC mode, an arbitrary series of bits is set as an input 
initial value IV The selection means 20b selects the in- 
itial value IV when the first block is to be enciphered, 
and thereafter selects the output from the enciphering 
device 20. It is not necessary for the initial value IV to 
be kept secret between communicators. 

The key generation and selection device 1 3 and the 
communication interface 12 in the sixteenth embodi- 
ment are also used in this embodiment, and the crypto- 
graphic communication network in Fig. 4 is used. 

The procedures for communication between an in- 
formation providing center 40 and a user, and the ac- 
counting procedures are performed in the same manner 
as is described in the sixteenth embodiment. In the pre- 
procedures, however, a procedure is required owning 
the initial value IV when the CBG mode is selected. For 
example, a procedure in which the initial value is used 
in common by the information providing center 40 and 
a user is required before cryptographic communication 
is initiated. Since the initial value IV does not have to be 
kept secret between the information providing center 40 
and a user A, it may not be enciphered. Not only secret 
key K A but also the initial value IV that is owned in com- 
mon must be set to the enciphering device 20 of the 
communication terminal 10. 

Twenty -first Embodiment 

This embodiment provides an improved encipher- 
ing system according to the sixteenth embodiment. In 
this embodiment, as well as in the sixteenth embodi- 
ment, are employed a communication terminal 10 
shown in Fig. 42, which comprises a plurality of enci- 
phering devices 11 ; a communication interlace 1 2; a key 
generation and selection device 13; and selection 
means 14 for selecting one of the outputs from the plu- 
rality of enciphering devices 11 

A difference between this embodiment and the six- 
teenth embodiment is as follows. Although the plurality 
of enciphering devices 11 are provided in the sixteenth 
embodiment, a key for each of the enciphering devices 
11 is fixed during the course of a single cryptographic 
communication exchange. In other words, a key is not 
changed as needed during the cryptographic communi- 
cation period, and the same key is used from the begin- 
ning to the end of the cryptographic communication pe- 
riod. In this embodiment, however, a key is changed as 
needed during cryptographic communication in order to 
improve the security to prevent a third party from deci- 
phering cryptography. Since the key is updated as need- 
ed during the cryptographic communication exchange, 
the key generation and selection device 1 3 generates 



keys even during cryptographic communication, and up- 
dates the key of the enciphering device 11 each time a 
key is generated that has a length corresponding to an 
enciphering system that is selected by an enciphering 

5 method setting signal. It should be noted that the key 
must be updated synchronously between a sender and 
a receiver for cryptographic communication. 

The key generation and selection device 13 in this 
embodiment is designed as is shown in Fig. 43, the 

io same as in the sixteenth embodiment. As is described 
above, however, the key generation and selection de- 
vice 1 3 of this embodiment generates keys even during 
cryptographic communication, and updates the key of 
the enciphering device each time a key is generated that 

is has a length corresponding to an enciphering system 
that is selected by an enciphering method setting signal. 
Thus, the operation of the key generation and selection 
device 13 is different from that in the sixteenth embod- 
iment. 

20 The key generation and selection device 1 3 in the 
sixteenth embodiment is not necessarily operated when 
a key is generated that has a length corresponding to 
an enciphering system that is selected by an encipher- 
ing method setting signal. On the other hand, the key 

25 generation and selection device 1 3 in this embodiment 
is required to sequentially generate keys having a length 
that corresponds to an enciphering system that is se- 
lected by an enciphering method setting signal. In other 
words, the key generation and selection device 1 3 in this 

30 embodiment repeats many times the operation of the 
key generation and selection device 13 in the sixteenth 
embodiment. 

A key generation algorithm for the key generation 
and selection device 13 in this embodiment is not limit- 

35 ed, and a general algorithm, such as that which is de- 
scribed in the sixteenth embodiment, can be used. An 
explanation will be given for a case wherein employed 
as a key generation algorithm is an algorithm for gener- 
ation of a pseudo-random number sequence that is se- 

40 cure from a calculation amount, especially, an algorithm 
for generation of a square-type pseudo-random number 
sequence. 

A square-type pseudo-random number sequence is 
a sequence of b v b 2 , . . ., that is generated using the 
45 following procedures. 

Sguare-type pseudo-random number sequence 

Supposing that p and q are prime numbers that sat- 
50 isfy p = q = 3 (mod 4), and N = p • q, a bit sequence b-, , 
b 2 , . . which is acquired by initial value x 0 (where x is 
an integer 1 < Xq < NM ) and the following reflexive rela- 
tions: 

55 x j+1 - Xj 2 mod N (i = 0, 1, 2, . . . ) (?) 
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b i = Isbjixg) (i = 1,2....) (8), 

is called a square-type pseudo-random number se- 
quence. It should be noted that Isbj(Xj) represents the 5 
lower j bits : and when the number of bits for modulo N 
is n, j = 0(log 2 n). 

The square-type pseudo-random number se- 
quence is that which is secure from a calculation amount 
on an assumption that determination of a root remainder 10 
for N is difficult from the view point of a calculation 
amount. 

In order to adequately secure the square-type pseu- 
do-random numbers, it is preferable that bit count n for 
modulo N in the square expression (7) be approximately 15 
512. Secret keys (initial values for the key generation 
and selection device 13) K AB , K AC , . . : which are em- 
ployed in common between the subscribers, are 1 < 
K AB .K AC ,... I <N-1. 

A key generation and selection device 1 3 that em- 20 
ploys the square-type pseudo-random number se- 
quence is shown in Fig. 56. The key generation and se- 
lection device 1 3 in Fig. 56 comprises a processor 1 3e, 
for performing feedback calculations using expression 
(7); a processor 13f, for calculating expression (8); and 25 
a computing unit 13g. The operation of the key genera- 
tion and selection device 13 is as follows: 

1 . Initial value x 0 is input to the processor 1 3a. 

2. x,, x 2 , . . . are generated by expression (7). 30 

3. The generated x v x 2 , . . . are substituted into ex- 
pression (8) : which is then calculated by the proc- 
essor 13f, and obtained b v b 2 , . . . are output. 

4. The computing unit 13g converts b-,, b 2 , . . . into 

a series of keys k lt k 2 , . . . having a length that cor- 35 
responds to an enciphering system that is selected 
by an enciphering method setting signal. 

The cryptographic communication procedures 
when a key is updated as needed are shown in Fig. 57. 40 
A block enciphering system is used as an enciphering 

system. In Fig. 57, M uv (ur 1,2 t; v = 1, 2, . . ., s) 

indicates a plaintext block; ky (u = 1 , 2, . . . , t) indicates 
a block enciphering key; ku(M uv ) (u = 1 , 2, . . t; v = 1, 
2, . . .. s) indicates an enciphered text block that is ob- 45 
tained by enciphering a plaintext block M uv using k u . The 
s blocks from M u1 to M us are enciphered by using the 
same key k y . A series of keys k v k 2 , . . ., which are up- 
dated by the above mentioned key generation and se- 
lection device 1 3, are employed sequentially as keys for 50 
block enciphering, and as a result, the plaintext block in 
Fig. 57 is enciphered by using a plurality of keys. 

Since the key is updated as needed and the number 
of plaintext blocks that are enciphered by using the 
same key is s, the analysis of a key can be difficult 55 

The enciphering device 11 , the communication in- 
terface 12, and the selection means 14 in the sixteenth 



embodiment are employed for this embodiment, and the 
cryptographic communication network in Fig. 4 is em- 
ployed. 

In this embodiment, the information providing serv- 
ice provided by an information providing center 40 to a 
user A is performed according to the following proce- 
dures. The preprocedures and the accounting proce- 
dures are the same as those in the sixteenth embodi- 
ment. 

Information providing procedures (for information 
providing center) 

1 . The selection means 14 is so set by an encipher- 
ing method setting signal that it selects the output 
of an enciphering system that is determined by the 
preprocedures. 

2. The secret key K A , which is held for the user A in 
the key storage area in the storage device 43, is set 
as an initial value to the key generation and selec- 
tion device 1 3. A key is generated that corresponds 
to the enciphering system that is selected according 
to the enciphering method setting signal. 

3. While a series of keys that are output by the key 
generation and selection device 13 is used to up- 
date the key of the enciphering device 11 , data are 
enciphered using the updated keys. The selection 
means 14 selects enciphered text that is output by 
the enciphering device 11, which is determined by 
the preprocedures, and transmits the selected en- 
ciphered text to the user A via the communication 
interface 12. 

Information providing procedures (for user A) 

1 . The selection means 14 is so set by an encipher- 
ing method setting signal that it selects the output 
of the enciphering system that is determined by the 
preprocedures. 

2. The secret key K A , which is held in the portable 
storage device 30, is set as an initial value to the 
key generation and selection device 13, which in 
turn generates a key that corresponds to an enci- 
phering system that is selected by an enciphering 
method setting signal. 

3. The enciphered data are received from the infor- 
mation providing center 40 across a transfer path 
via the communication interface 12. While a series 
of keys that are output by the key generation and 
selection device 13 are used to update the key of 
the enciphering device 11 as needed, the received 
enciphered data are deciphered by using the updat- 
ed key. The selection means 14 receives plaintext 
that is output by the enciphering device 11, which 
is determined by the preprocedures. 

Although the square-type pseudo-random numbers 
are used as an algorithm for the generation of pseudo- 
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random numbers that are secure for a calculation 
amount, another algorithm that is used to generate 
pseudo-random numbers that are secure from a calcu- 
lation amount can be used; as is described in reference, 
Tsujii and Kasahara, "Cryptography and Information Se- 
curity", Shokosha, p. 86, 1990, for example, an algo- 
rithm for which RSA cryptography, discrete logarithms, 
or reciprocal cryptography is employed also can also be 
applied as the algorithm of the present invention for the 
generation of pseudo-random numbers. 

The method of this embodiment for updating a key 
as needed was explained based on the sixteenth em- 
bodiment; but this method can be applied not -only to the 
sixteenth embodiment but also to the eighteenth, nine- 
teenth and twentieth embodiments. 

Twenty-second Embodiment 

According to the sixteenth embodiment, a specific 
enciphering system is selected from among a plurality 
of enciphering systems where a key is fixed, while ac- 
cording to the twenty-first embodiment, a specific enci- 
phering system is selected from among a plurality of en- 
ciphering systems by which a key is updated. As a mod- 
ification of these two embodiments, according to this 
embodiment, an enciphering system is selected, either 
an enciphering system wherein a key is fixed or an en- 
ciphering system wherein a key is updated. 

In this embodiment, a communication terminal 10 
in Fig 58 is employed that comprises; an enciphering 
device 11 , for performing enciphering (and deciphering); 
a communication interface 1 2; and a key generation and 
selection device 1 3. It is should be noted that for simpli- 
fication of the explanation only one enciphering device 
is provided herein. 

A block enciphering system is employed as an en- 
ciphering system for this embodiment. One of the fol- 
lowing methods for block enciphering can be set by an 
enciphering method setting signal. 

1 . Performing enciphering by using a fixed key 

2. Performing enciphering while a key is updated. 



When the method of operation for the communication 
terminal 10 in Fig. 58 is the method "performing enci- 
phering while a key is updated", the key generation and 
selection device 13 generates a series of keys accord- 

5 ing to an enciphering method setting signal, and the en- 
ciphering device 11 performs enciphering while sequen- 
tially updating the key using the series of keys. 

The key generation and selection device 13 in this 
embodiment is the same as that in the twenty-first em- 

10 bodiment, and the enciphering device 11 and the com- 
munication interface 12 are the same as those in the 
sixteenth embodiment. The cryptographic communica- 
tion network shown in Fig. 4 is also used in this embod- 
iment. 

is The procedures for communication between an in- 
formation providing center 40 and a user, and the ac- 
counting procedures in this embodiment are performed 
in the same manner as in the sixteenth embodiment. 
When the method for performing enciphering while a 
20 key is updated is selected, the information providing pro- 
cedures are performed in the same manner as in the 
twenty-first embodiment. 

Through these procedures, an enciphering system 
can be selected in consonance with the secrecy re- 
25 quired for the data to be transmitted. For example, for 
especially secret data, the method for "performing enci- 
phering while a key is updated" can be selected. For 
other data, the method for "performing enciphering by 
using a fixed key" can be selected to simplify the 
30 processing. Therefore, an information providing service 
charge system that is accordance with a selected enci- 
phering method can be achieved. 

Although for simplification of the explanation only 
one enciphering device 11 was provided in this embod- 
35 iment, the present invention includes a case wherein a 
plurality of enciphering devices 11 are provided. When 
a plurality of enciphering devices 11 are provided, se- 
lection means 14 for selecting one of the outputs by the 
enciphering devices 11 is required. 

40 

Twenty-third Embodiment 



The key generation and selection device 1 3 is con- 
trolled by an enciphering method setting signal. When 
the method for "performing enciphering by using a fixed 
key" is employed, the key generation and selection de- 
vice 13 generates a fixed key (one key) and halls its 
processing. When the method for "performing encipher- 
ing while a key is updated" is employed, the key gener- 
ation and selection device 1 3 repeats key generation to 
provide a series of keys (a plurality of keys). 

When the method of operation for communication 
terminal 10 in Fig. 58 is the method "performing enci- 
phering by using a fixed key", the key generation and 
selection device 1 3 generates a fixed key according to 
an enciphering method setting signal, and the encipher- 
ing device 11 performs enciphering using the fixed key 



An explanation will be given for this embodiment 
wherein the arrangement of the key generation and se- 
45 lection device 1 3 in the twenty-first and twenty-second 
embodiments is modified. 

In the twenty-first and twenty-second embodi- 
ments, since a key that is owned in common between 
subscribers is fixed, even if the method for "performing 
so enciphering while a key is updated" is employed, the in- 
itial value of the key generation and selection device 13 
is a constant value for the same user. As a result, the 
same series of keys may be generated. 

In this embodiment, even it the user is the same, 
55 the initial value of the key generation and selection de- 
vice 13 is changed each time to improve the security. 

In expressions (7) and (8) in the twenty-first embod- 
iment that are the procedures for generating a series of 
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keys, x j+1 , which is sequentially updated by the feed- 
back calculation, is called an internal variable of the key 
generation and selection device 13. 

The key generation and selection device 13 in this 
embodiment includes a processor 13h for performing 
feedback calculation of expression (7) and a processor 
1 3i for calculating expression (8), as is shown in Fig. 59, 
and reads the internal variable that is updated by ex- 
pression (7). At a communication terminal 10 of a user, 
the internal variable is stored in holding means 30a of a 
portable storage device 30, which is connected to the 
communication terminal 10 in the sixteenth embodi- 
ment. At a communication terminal 10 of an information 
providing center 40, the internal variable that is read is 
stored in a key storage area in a storage device 43 used 
in the sixteenth embodiment. 

In the twenty -first and twenty-second embodi- 
ments, only the initial value is set to the key generation 
and selection device 13, and the movement of data is 
unidirectional. In this embodiment, however, it is possi- 
ble to read, in the reverse direction, the internal variable 
in the key generation and selection device 13. A com- 
mon key that was used for the current cryptographic 
communication is replaced with the internal variable, 
which has been read as a common key, that will be used 
for the next cryptographic communication. 

When the key generation and selection device 13 
is replaced by the key generation and selection device 
13 in Fig 56 a communication terminal 10 can be pro- 
vided whereby the internal variable can be changed 
each time the initial value of the key generation and se- 
lection device 13 is used. 

The cryptographic communication network in Fig. 4 
is also used in this embodiment. 

The procedures for communication between the in- 
formation providing center 40 and a user, and the ac- 
counting procedures are performed in the same manner 
as in the sixteenth embodiment. However, in the infor- 
mation providing procedures for the information provid- 
ing center 40, one procedure is required at the last in 
which "an internal variable of a key generation and se- 
lection device, when information to be provided has 
been enciphered, is secretly held as a new initial value 
tor the next cryptographic communication with A in the 
key storage area of the storage device 43". For a user, 
one procedure is required at the last in which "an internal 
variable value for a key generation and selection device, 
when enciphered information has been deciphered, is 
secretly held in the holding means 30a of the portable 
storage device 30 as a new initial value for the next cryp- 
tographic communication for information service". 

As is described above, according to the above em- 
bodiments, since an enciphering system can be select- 
ed, the security for enciphering information that is to be 
provided and a service charge for it, or an enciphering 
rate and a corresponding service charge, can be select- 
ed in consonance with an encipher power and an enci- 
phering rate for the selected enciphering system, 



whereas conventionally these are not taken into consid- 
eration. As a result, a charging system for providing in- 
formation service having a high degree of freedom can 
be provided. 

s As is described above, according to the present in- 

vention, since selection means for selecting an enci- 
phering system is provided for communication means 
that a sender and a receiver employ for cryptographic 
communication, an enciphering system can be 

io changed. Further, since the selected enciphering sys- 
tem is owned in common by a sender and a receiver 
before the transmission of enciphered text, the selection 
of the enciphering system, which is conventionally im- 
possible, can be permitted, and thus cryptographic com- 

15 munication having a high degree of freedom can be pro- 
vided. 

Many widely different embodiments of the present 
invention may be constructed without departing from the 
scope of the present invention. It should be understood 
20 that the present invention is not limited to the specific 
embodiments described in the specification, except as 
defined in the appended claims. 

25 Claims 

1. A communication device comprising: 

(a) encipher transmission means for encipher- 
30 ing data and transmitting enciphered data; 

(b) counting means for obtaining a count of 
quantity of data to be enciphered; and 

(c) accounting means for charging a user for 
said enciphered data in accordance with a 

55 count value held by said counting means. 

2. A communication device according to claim 1 , 
wherein said encipher transmission means in- 
cludes: 

40 

an encipherer for performing enciphering ac- 
cording to a specific algorithm; 
a pseudo-random number generator for per- 
forming feedback calculation to generate a 

45 pseudo-random number sequence that is se- 

cure from a calculation amount; and 
a computing unit for converting, into a series of 
keys for said encipherer, said pseudo-random 
number sequence that is output by said pseu- 

50 do-random number generator. 

3. A communication device according to claim 2, 
wherein a square-type pseudo-random number 
generator is employed as said pseudo-random 

55 number generator. 

4. A communication device according to claim 1, fur- 
ther comprising display means for displaying a 
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charge, which is calculated by said accounting 
means. 

A communication device comprising: 

(a) encipher transmission means for encipher- 
ing data as units of a block each and for trans- 
mitting the enciphered data; 

(b) counting means for obtaining a count of said 
blocks to be enciphered; and 

(c) accounting means for charging a user for 
said enciphered data in accordance with a 
count value held by said counting means. 

A communication device according to claim 5, 
wherein said encipher transmission means in- 
cludes: 

an encipherer for performing enciphering ac- 
cording to a specific algorithm; 
a pseudo-random number generator for per- 
forming feedback calculation to generate a 
pseudo-random number sequence that is se- 
cure from a calculation amount; and 
a computing unit for converting, into a series of 
keys for said encipherer, said pseudo-random 
number sequence that is output by said pseu- 
do-random number generator. 

A communication device according to claim 6, 
wherein a square-type pseudo-random number 
generator is employed as said pseudo-random 
number generator. 

A communication device according to claim 5, fur- 
ther comprising display means for displaying a 
charge, which is calculated by said accounting 
means. 

A communication device comprising: 

(a) encipher transmission means for encipher- 
ing data and transmitting enciphered data; 

(b) counting means for obtaining a count of 
cryptographic keys that are employed lor enci- 
phering; and 

(c) accounting means for charging a user of 
said enciphered data in accordance with a 
count value held by said counting means. 

10. A communication device according to claim 9, 
wherein said encipher transmission means in- 
cludes: 



11. 



10 



pseudo-random number sequence that is se- 
cure from a calculation amount; and 
a computing unit for converting, into a series of 
keys for said encipherer, said pseudo-random 
number sequence that is output by said pseu- 
do-random number generator. 

A communication device according to claim 10, 
wherein a square-type pseudo-random number 
generator is employed as said pseudo-random 
number generator. 



12. A communication device according to claim 9, fur- 
ther comprising display means for displaying a 

is charge, which is calculated by said accounting 
means. 

13. A communication device comprising: 



an encipherer for performing enciphering ac- 
cording to a specific algorithm; 
a pseudo-random number generator for per- 
forming feedback calculation to generate a 



20 (a) encipher transmission means for encipher- 

ing data and transmitting enciphered data while 
updating a cryptographic key: 

(b) counting means for obtaining a count of 
feedback calculations that are performed for 

25 updating said cryptographic key; and 

(c) accounting means for charging a user of 
said enciphered data in accordance with a 
count value held by said counting means. 

30 14. A communication device according to claim 13, 
wherein said encipher transmission means in- 
cludes: 

an encipherer tor performing enciphering ac- 
35 cording to a specific algorithm; 

a pseudo-random number generator for per- 
forming feedback calculation to generate a 
pseudo-random number sequence that is se- 
cure from a calculation amount; and 
40 a computing unit for converting, into a series of 

keys for said encipherer, said pseudo-random 
number sequence that is output by said pseu- 
do-random number generator. 

45 15. A communication device according to claim 14, 
wherein a square-type pseudo-random number 
generator is employed as said pseudo-random 
number generator. 

so 16. A communication device according to claim 1 3, fur- 
ther comprising display means for displaying a 
charge, which is calculated by said accounting 
means. 

55 17. A communication system comprising: 

(a) a transmission terminal, including encipher 
transmission means for enciphering data and 
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changes a processing rate for said encipherer 
and/or a generation rate for said pseudo-ran- 
dom number generator. 

5 24. A cryptographic communication device according 
to claim 23, wherein a square-type pseudo-random 
number sequence that is secure from a calculation 
amount is employed as said pseudo-random 
number sequence that is generated by said pseu- 

10 do- random number generator 



transmitting enciphered data; and 
(b) a reception terminal, including encipher re- 
ception means for receiving and deciphering 
enciphered data, said transmission terminal 
charging said reception terminal a fee that cor- 
responds to an operation of said encipher 
transmission means. 

18. A communication system according to claim 17, 
wherein said transmission terminal includes ac- 
counting means for calculating a charge in accord- 
ance with an amount of data enciphered by said en- 
ciphering and transmission means. 

19. A communication system according to claim 17, 
wherein said transmission terminal includes ac- 
counting means for calculating a charge in accord- 
ance with a count of data blocks enciphered by said 
enciphering and transmission means. 

20. A communication system according to claim 17, 
wherein said transmission terminal includes ac- 
counting means for calculating a charge in accord- 
ance with a count of cryptographic keys enciphered 
by said enciphering and transmission means. 

21. A communication system according to claim 17, 
wherein said transmission terminal includes ac- 
counting means for calculating a charge in accord- 
ance with a count of feedback calculations enci- 
phered by said enciphering and transmission 
means. 

22. A cryptographic communication device comprising: 

(a) cryptographic communication means for en- 
ciphering transmission data and deciphering 
received enciphered data and for performing 
communication; and 

(b) changing means for changing a rate that is 
applied for enciphering/deciphering data. 

23. A cryptographic communication device according 
to claim 22, wherein said cryptographic communi- 
cation means includes: 

an encipherer for performing enciphering ac- 
cording to a specific algorithm; 
a pseudo-random number generator for per- 
forming predetermined calculations to gener- 
ate a pseudo-random number sequence; and 
a computing unit for converting, into a series of 
keys for said encipherer, said pseudo-random 
number sequence that is output by said pseu- 
do-random number generator, and wherein a 
cryptographic key for said encipherer is updat- 
ed by using said series of keys that is generated 
by said computing unit, and said change means 



25. A cryptographic communication device according 
to claim 24, wherein a square-type pseudo-random 
number generator is employed as said pseudo-ran- 

15 dom number generator. 

26. A cryptographic communication device according 
to claim 22, wherein said change means employs 
clock selection means for selecting an arbitrary 

20 clock from among a plurality of clocks that have dif- 
ferent frequencies. 

27. A cryptographic communication device according 
to claim 23, wherein said change means employs a 

2S plurality of processing means for performing a re- 
petitive portion of processing that is performed by 
said encipherer and/or said pseudo-random 
number generator. 

30 28. A cryptographic communication device according 
to claim 22. wherein said cryptographic communi- 
cation means has inherent and secret common 
keys and includes an encipherer for performing en- 
ciphering and deciphering according to a predeter- 

35 mined algorithm. 

29. An enciphering device comprising: 

(a) enciphering means for enciphering and de- 
40 ciphering a predetermined algorithm; and 

(b) changing means for changing a rate for said 
encipher means without changing said prede- 
termined algorithm. 



45 30. An enciphering device comprising: 

(a) enciphering means capable of changing an 
encipher power relative to transmission data; 
and 

50 (b) changing means for changing said encipher 

power of said enciphering means in accord- 
ance with a deciphering capability of a trans- 
mission destination. 

55 31. An enciphering device comprising: 

(a) enciphering means capable of changing an 
encipher power relative to transmission data; 
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and 

(b) changing means for changing said encipher 
power of said enciphering means by negotia- 
tion with a transmission destination. 

32. An cryptographic communication device compris- 
ing: 

(a) encipher transmission means for encipher- 
ing data and transmitting enciphered data; 

(b) selection means for selecting an encipher- 
ing rate for said encipher transmission means; 
and 

(c) accounting means for charging a user for 
said enciphered data in accordance with said 
enciphering rate that is selected by said selec- 
tion means. 

33. A cryptographic communication device according 
to claim 32, wherein said cryptographic communi- 
cation means has inherent and secret common 
Keys tor said cryptographic communication means 
and receiving and deciphering means on a recep- 
tion side, and includes: 

an encipherer for performing enciphering ac- 
cording to a specific algorithm; 
a pseudo-random number generator for per- 
forming predetermined calculations to gener- 
ate a pseudo-random number sequence; and 
a computing unit for converting, into a series of 
keys for said encipherer, said pseudo-random 
number sequence that is output by said pseu- 
do-random number generator, and wherein 
said selection means selects said enciphering 
rate and/or a generation rate for said pseudo- 
random number sequence, and said account- 
ing means calculates a charge in accordance 
with said enciphering rate and/or said genera- 
tion rate selected by said selection means 

34. A cryptographic communication device according 
to claim 33, wherein a square-type pseudo-random 
number sequence that is secure from a calculation 
amount is employed as said pseudo-random 
number sequence that is generated by said pseu- 
do-random number generator. 

35. A cryptographic communication device according 
to claim 33, wherein a square-type pseudo-random 
number generator is employed as said pseudo-ran- 
dom number generator. 

36. A cryptographic communication device according 
to claim 32, wherein employed as said selection 
means is clock selection means for selecting an ar- 
bitrary clock from among a plurality of clocks having 
different frequencies. 



37. A cryptographic communication device according 
to claim 33, further comprising a plurality of 
processing means for performing a repeated por- 
tion of a process performed by said encipherer and/ 

5 or said pseudo-random number generator, wherein 
said selection means determines a number of said 
plurality of processing means to be used. 

38. A cryptographic communication device according 
10 to claim 33, further comprising processing means 

for performing a repeated portion of a process per- 
formed by said encipherer and/or said pseudo-ran- 
dom number generator, wherein said selection 
means determines how many times said processing 
is means is to be used. 

39. A cryptographic communication method, whereby 
enciphered data are transmitted across a network 
and setting of variable enciphering power is possi- 

20 ble, comprising a step whereat said data transmis- 
sion side charges a data reception side in conso- 
nance with said enciphering power. 

40. A cryptographic communication device comprising: 

25 

(a) encipher transmission means for encipher- 
ing data by using a plurality of enciphering sys- 
tems and for transmitting enciphered data; 

(b) selection means for selecting one encipher- 
er ing system from among said plurality of said en- 
ciphering systems; and 

(c) accounting means for charging a fee in con- 
sonance with said enciphering system that is 
selected by said selection means. 

35 

41. A cryptographic communication device according 
to claim 40, wherein receiving and deciphering 
means is provided for receiving and deciphering en- 
ciphered data, and wherein key generation means 

40 for generating a key that corresponds to said enci- 
phering system that is selected is provided in said 
cryptographic transmission means and said receiv- 
ing and deciphering means. 

45 42. A cryptographic communication device according 
to claim 40, f unher comprising updating means for 
updating as needed a key that is generated by said 
key generation means during a data enciphering 
process. 

50 

43. A cryptographic communication device according 
to claim 41 , wherein an algorithm for generating 
pseudo-random numbers that are secure from a 
calculation amount is employed as an algorithm that 

55 is employed by said key generation means. 

44. A cryptographic communication device according 
to claim 43, wherein a square-type pseudo-random 
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number generation algorithm is employed as an al- 
gorithm for generating said pseudo-random num- 
bers that are secure from a calculation amount. 

45. A cryptographic communication system, which en- .5 
ciphers data across a network and selects an enci- 
phering system, wherein a data transmission side 
charges a data reception side in accordance with 
said enciphered system that is selected. 

10 

46. A cryptographic communication device comprising: 

(a) a plurality of communication means for en- 
ciphering transmission data and deciphering 
received enciphered data, and for performing is 
communication with each other; and 

(b) selection means, provided in each of said 
plurality of communication means, for selecting 
one of a plurality of enciphering systems. 

20 

47. A cryptographic communication device according 
to claim 46, further comprising key generation 
means is provided in said communication means, 
for generating a key corresponding to an encipher- 
ing system that is selected by said selection means. 25 

48. A cryptographic communication device according 
to claim 47, further comprising updating means, 
provided in said communication means, for updat- 
ing as needed a key that is generated by said key 30 
generation means during an enciphering process 

for transmission data. 

49. A cryptographic communication device according 

to claim 46, further comprising determination 35 
means provided in said communication means, for 
performing communication with each other to deter- 
mine an enciphering system that is selected by said 
selection means. 

40 

50. A cryptographic communication device according 
to claim 47, wherein an algorithm for generating 
pseudo-random numbers that are secure from a 
calculation amount is employed as an algorithm that 

is employed by said key generation means. 45 

51. A cryptographic communication device according 
to claim 50 : wherein a square-type pseudo-random 
number generation algorithm is employed as an al- 
gorithm for generating said pseudo-random num- so 
bers that are secure from a calculation amount. 

52. An enciphering device comprising: 

(a) enciphering means for selectively employ- 55 
ing a plurality of enciphering systems to enci- 
pher information; and 

(b) mode selection means for selecting an op- 



erational mode, wherein said enciphering 
means includes selection means for selecting 
one of said plurality of enciphering systems in 
accordance with said operational mode that is 
selected. 

53. An enciphering device comprising: 

(a) enciphering means for selectively employ- 
ing a plurality of enciphering systems to enci- 
pher information; and 

(b) selection means for selecting a security 
rank, wherein said enciphering means selects 
one of said plurality of enciphering systems in 
accordance with said security rank that is se- 
lected. 

54. A cryptographic communication system, which per- 
mits a plurality of terminals on a network to commu- 
nicate enciphered data and selects an enciphering 
system, wherein when an enciphering system that 
is designated by a predetermined terminal is to be 
changed by another terminal, an approval by said 
predetermined terminal is required. 

55. A communication method comprising the steps of: 

enciphering data and transmitting the enci- 
phered data; 

obtaining count of quantity of data to be enci- 
phered or count of the cryptographic keys that 
are implied for enciphering: and 
charging a user for the enciphered data in ac- 
cordance with the count value obtained. 

56. A communication method according to claim 55 
wherein the enciphered data is enciphered as units 
of a block each and the quantity of data is counted 
by obtaining a count of the blocks to be enciphered. 

57. A communication method comprising the steps of: 

enciphering data and transmitting the enci- 
phered data while updating a cryptographic 
key; 

obtaining a count of feedback calculations that 
are performed for updating the cryptographic 
key; and 

charging a user of the enciphered data in ac- 
cordance with the count value obtained. 

58. An enciphering method comprising the steps of: 

enciphering and deciphering a predetermined 
algorithm; and 

changing a rate for the enciphering without 
changing the predetermined algorithm 
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59. An enciphering method comprising the steps of: 

changing an encipher power relative to trans- 
mission data in accordance with a deciphering ca- 
pability of a transmission destination. 

60. An encipher method comprising the steps of : 

changing an encipher power relative to trans- 
mission data by negotiating with a transmission 
destination. 

61 . A cryptographic communication method comprising 
the steps of: 

enciphering data and transmitting enciphered 
data; 

selecting an enciphering rate tor the encipher 
transmission; and 

charging a user for the enciphered data in ac- 
cordance with the enciphering rate that is se- 
lected. 
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